CVE-2025-6006 is a SQL Injection vulnerability identified in version 5.2.0 of the kiCode111 like-girl product, specifically within the /admin/ImgUpdaPost.php file. The vulnerability arises due to improper sanitization or validation of input parameters such as id, imgText, imgDatd, and imgUrl, which are used in SQL queries. An attacker can remotely manipulate these parameters to inject malicious SQL code, potentially altering the behavior of the database queries executed by the application. This could lead to unauthorized data access, data modification, or even complete compromise of the backend database. The vulnerability does not require user interaction but does require high privileges (PR:H) according to the CVSS vector, indicating that the attacker must have some level of authenticated access to exploit it. The CVSS 4.0 base score is 5.1, categorized as medium severity, reflecting limited scope and impact due to the need for authentication and the low impact on confidentiality, integrity, and availability. The vendor has not responded to the disclosure, and no patches or mitigations have been published yet. Although no known exploits are currently observed in the wild, the public disclosure of the vulnerability increases the risk of exploitation attempts. The vulnerability affects a specific version (5.2.0) of the product, which is likely used in web applications that manage image uploads or posts, possibly in administrative contexts given the file path. The lack of vendor response and patch availability increases the urgency for organizations to implement compensating controls or consider alternative mitigations.

For European organizations using kiCode111 like-girl version 5.2.0, this vulnerability poses a risk primarily in environments where administrative access to the application is granted. Successful exploitation could allow an attacker with authenticated access to execute arbitrary SQL commands, potentially leading to unauthorized disclosure or modification of sensitive data stored in the backend database. This could affect data confidentiality and integrity, especially if the database contains personal data protected under GDPR. Although the vulnerability requires high privileges, insider threats or compromised credentials could be leveraged to exploit this flaw. The impact on availability is limited but could occur if injected SQL commands disrupt database operations. Given the administrative nature of the vulnerable endpoint, critical business functions related to content or image management could be disrupted. The absence of vendor patches means organizations must rely on internal controls to mitigate risk. This vulnerability could also be leveraged as a foothold for further lateral movement or privilege escalation within the network. European organizations in sectors such as media, e-commerce, or any industry using this product for web content management are at risk. Compliance risks also arise due to potential data breaches involving personal data.

1. Immediate mitigation should include restricting access to the /admin/ImgUpdaPost.php endpoint to trusted IP addresses or VPNs to limit exposure to authenticated users only. 2. Implement strict input validation and parameter sanitization at the web application firewall (WAF) level to detect and block SQL injection patterns targeting the id, imgText, imgDatd, and imgUrl parameters. 3. Enforce the principle of least privilege for user accounts with administrative access to minimize the risk of credential compromise leading to exploitation. 4. Monitor application and database logs for unusual query patterns or errors indicative of SQL injection attempts. 5. If feasible, disable or isolate the vulnerable functionality until a patch or vendor response is available. 6. Conduct an internal code review or penetration test focusing on SQL injection vulnerabilities in the affected application version. 7. Prepare for incident response by ensuring backups of the database are current and tested, enabling recovery in case of data tampering. 8. Engage with the vendor or community to seek updates or unofficial patches and consider upgrading to a newer, unaffected version if available. 9. Educate administrators about the risks of credential compromise and enforce multi-factor authentication to reduce the likelihood of unauthorized access.