CVE-2025-21628 PoC — Chatwoot SQL注入漏洞

Source

https://github.com/elahehasanpour/chatwoot-cve-2025-21628

Associated Vulnerability

Title:Chatwoot SQL注入漏洞 (CVE-2025-21628)
Description:Chatwoot是Chatwoot开源的一个应用软件。客户参与套件，对讲、Zendesk、Salesforce 服务云等的开源替代方案。 Chatwoot 3.16.0之前版本存在SQL注入漏洞，该漏洞源于输入清理不当，攻击者可以通过添加重复的WHERE子句在过滤器查询中运行任意SQL。

Description

A technical write-up explaining how improper SQL structure handling led to CVE-2025-21628 in Chatwoot.

File Snapshot


 None

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!