Online Restaurant Management System 1.0, SQL Injection, CVE-2025-3344 (Critical)

How the CVE Works

CVE-2025-3344 is a critical SQL injection vulnerability in Online Restaurant Management System 1.0’s `/admin/assign_save.php` file. The flaw occurs due to improper sanitization of the `ID` parameter, allowing attackers to inject malicious SQL queries. When crafted input is passed through the `ID` parameter, the backend database executes unintended commands, potentially enabling unauthorized data access, modification, or deletion. The attack can be performed remotely without authentication (PR:N in CVSS 4.0), exploiting the application’s failure to implement prepared statements or input validation. The vulnerability scores 6.9 (MEDIUM) in CVSS-B but is marked critical due to its potential impact on restaurant operations and customer data exposure.

DailyCVE Form

Platform: Online Restaurant Management
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 04/30/2025

What Undercode Say:

Exploitation:

curl -X POST "http://target.com/admin/assign_save.php" -d "ID=1' AND 1=CONVERT(int,(SELECT table_name FROM information_schema.tables WHERE table_schema=database()))--"

Detection:

SELECT * FROM logs WHERE request_uri LIKE '%assign_save.php%ID=%--%';

Mitigation:

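// Patch for assign_save.php
// Validate ID as an integer; bound parameters make string escaping unnecessary.
$id = filter_input(INPUT_POST, 'ID', FILTER_VALIDATE_INT);
if ($id === false || $id === null) { http_response_code(400); exit; }
$stmt = $conn->prepare("UPDATE assignments SET user_id=? WHERE id=?");
$stmt->bind_param("ii", $user_id, $id); // $user_id must be set and validated earlier in the script
$stmt->execute();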

WAF Rule:

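location ~ /admin/assign_save\.php$ {
    # nginx's deny directive only accepts addresses, so match the query string instead.
    # Inspecting a POST body requires a WAF module such as ModSecurity.
    if ($args ~* "ID=.*([';]|%27|%3b)") { return 403; }
}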

Log Analysis:

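import re

malicious_pattern = re.compile(r"ID=.+?[';(]")

def check_entry(log_entry, block_ip):
    # log_entry needs .request (raw request text) and .ip; block_ip is the site's own blocking hook
    if malicious_pattern.search(log_entry.request):
        block_ip(log_entry.ip)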
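
The pattern above matches raw text only, so it depends on the log holding decoded values. As an added example (not code from the original page), this scanner percent-decodes the `ID` parameter sent to `/admin/assign_save.php` and flags any value that is not a plain integer. The four-field log format (IP, method, URI, form body) and the sample lines are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

TARGET = "/admin/assign_save.php"      # endpoint named in the advisory
VALID_ID = re.compile(r"[0-9]{1,10}")  # allow-list: ID must be a plain integer

# Constructed sample lines, not real traffic.
# Assumed format: client IP, method, request URI, form body ("-" if none).
SAMPLE_LOG = """\
198.51.100.7 POST /admin/assign_save.php ID=12
203.0.113.9 POST /admin/assign_save.php ID=1%27--
203.0.113.9 GET /admin/assign_save.php?ID=3%3B -
198.51.100.7 GET /menu.php?ID=1%27 -
192.0.2.50 POST /admin/assign_save.php ID=8 --
"""

def suspicious_ids(line):
    """Return the decoded ID values in one log line that are not plain integers."""
    parts = line.split(None, 3)  # the body is the remainder and may contain spaces
    if len(parts) != 4:
        return []
    _ip, _method, uri, body = parts
    url = urlsplit(uri)
    if url.path != TARGET:
        return []
    values = []
    for raw in (url.query, "" if body == "-" else body):
        # parse_qs percent-decodes, so %27 and a literal quote are treated alike
        values += parse_qs(raw, keep_blank_values=True).get("ID", [])
    return [v for v in values if not VALID_ID.fullmatch(v)]

def scan(log_text):
    """Count suspicious requests to the endpoint per client IP."""
    hits = Counter()
    for line in log_text.splitlines():
        if suspicious_ids(line):
            hits[line.split()[0]] += 1
    return hits

if __name__ == "__main__":
    for ip, count in scan(SAMPLE_LOG).most_common():
        print(ip, count)
```

Checking against an allow-list of what a valid `ID` looks like avoids having to enumerate every dangerous character, which is the same principle as the integer validation in the patch.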

Database Hardening:

REVOKE ALL PRIVILEGES ON restaurant_db.* FROM 'webuser'@'%';
GRANT SELECT, INSERT, UPDATE ON restaurant_db.* TO 'webuser'@'%';

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
