Vulners
Lucene search
📄 Beakon SQL Injection
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | CVE-2025-46101 | 23 Jun 202516:15 | – | circl |
 | Beakon Learning Management System Sharable Content Object Reference Model 安全漏洞 | 23 Jun 202500:00 | – | cnnvd |
 | CVE-2025-46101 | 23 Jun 202500:00 | – | cve |
 | CVE-2025-46101 | 23 Jun 202500:00 | – | cvelist |
 | EUVD-2025-18878 | 3 Oct 202520:07 | – | euvd |
 | CVE-2025-46101 | 23 Jun 202515:15 | – | nvd |
 | PT-2025-26605 · Unknown · Beakon Learning Management System | 23 Jun 202500:00 | – | ptsecurity |
 | CVE-2025-46101 | 25 Jun 202500:53 | – | redhatcve |
 | CVE-2025-46101 | 23 Jun 202500:00 | – | vulnrichment |
Title: Unauthenticated Time Based SQL Injection Vulnerability in Beakon versions prior to 5.4.3
Description:
An unauthenticated time-based SQL injection vulnerability exists in the Beakon application within the Learning Management System (LMS)'s SCORM module. By sending specially crafted requests to the json_scorm.php along with ks (injectable) parameter, unauthenticated remote attackers can execute arbitrary SQL commands. This issue affects Beakon application versions before 5.4.3.
Source URL: https://packetstorm.news/user/g30ff1rl/
Source Name: Geoff Zhang
CVE: CVE-2025-46101 (Reserved for now)
Affected Software: Beakon Software
Affected Versions: versions prior to 5.4.3
Software URL: https://beakon.com.au/, https://beakon.io/
Proof of Concept/Content:
An unauthenticated time-based SQL injection vulnerability exists in the Beakon application within the Learning Management System (LMS)'s SCORM module. By sending specially crafted requests to the json_scorm.php along with ks (injectable) parameter, unauthenticated remote attackers can execute arbitrary SQL commands. This issue affects Beakon version before 5.4.3.
A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to the json_scorm.php function (https://example-base-url/json_scorm.php?s=dummy&m=putSCORM&u=dummy&c=dummy&preview=0&v=SCORM_12&id=dummy&ks=<https://example-base-url/json_scorm.php?s=dummy&m=putSCORM&u=dummy&c=dummy&preview=0&v=SCORM_12&id=dummy&ks={vulnerable}&vt=undefined>{vulnerable}<https://example-base-url/json_scorm.php?s=dummy&m=putSCORM&u=dummy&c=dummy&preview=0&v=SCORM_12&id=dummy&ks={vulnerable}&vt=undefined>&vt=undefined<https://example-base-url/json_scorm.php?s=dummy&m=putSCORM&u=dummy&c=dummy&preview=0&v=SCORM_12&id=dummy&ks={vulnerable}&vt=undefined>). By injecting SQL syntax designed to cause conditional time delays (e.g., using SLEEP, WAITFOR DELAY, pg_sleep) into the [ks] parameter, the attacker can execute arbitary SQL commands.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2025 00:00Current
8.4High risk
Vulners AI Score8.4
CVSS 3.19.8
EPSS0.00615
SSVC