CNNVD-202508-3250 Information

CNNVD ID

CNNVD-202508-3250

CVE-2025-50979

  • CNNVD Published: 2025-08-27

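Description (translated from Chinese)

NodeBB is a forum system from the Design Create Play team, built with Node.js (a web application platform built on Google's V8 JavaScript engine). NodeBB v4.3.0 has a security vulnerability caused by improper sanitization of the search query parameter in the search-categories API endpoint, which may lead to SQL injection attacks.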

Description (English)

NodeBB is a forum system built by the Design Create Play team using Node.js (a web application platform built on the Google V8 JavaScript engine). NodeBB v4.3.0 contains a security vulnerability that stems from improper sanitization of the search query parameter in the search-categories API endpoint, which could lead to a SQL injection attack.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Design Create Play

Published

2025-08-27

Last Modified

2026-02-24

References

  • https://github.com/4rdr/proofs/blob/main/info/NodeBB-v4.3.0.-SQL-Injection-via-search-parameter.md
  • https://nvd.nist.gov/vuln/detail/CVE-2025-50979

Patch

https://github.com/NodeBB/NodeBB/releases
