CVE-2020-25905

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in Sourcecodester Mobile Shop System 1.0 allows attackers to execute arbitrary SQL commands via the email parameter in login pages. Attackers can potentially bypass authentication, access sensitive data, or compromise the database server. Any organization using this specific PHP/MySQL e-commerce system is affected.

💻 Affected Systems

Products:
  • Sourcecodester Mobile Shop System
Versions: 1.0
Operating Systems: Any OS running PHP/MySQL
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both login.php and LoginAsAdmin.php files. Requires PHP/MySQL environment.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, authentication bypass, remote code execution on the database server, and potential full system takeover.

🟠 Likely Case

Authentication bypass allowing unauthorized admin access, extraction of user credentials and sensitive customer data, and potential data manipulation.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection, though other vulnerabilities may still exist.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit scripts are available. The SQL injection via the email parameter is simple to trigger and requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

1. Download the latest version, if available, from Sourcecodester.
2. Replace the vulnerable files (login.php, LoginAsAdmin.php).
3. Implement parameterized queries.
4. Validate and sanitize all user inputs.

🔧 Temporary Workarounds

Input Validation and Sanitization

Applies to: all

Add input validation for the email parameter to reject SQL injection attempts.

Modify the PHP files to validate the email format and sanitize the input.

Web Application Firewall (WAF)

Applies to: all

Deploy a WAF with SQL injection rules to block malicious requests.
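The login check rewritten the way the fix instructions and the input-validation workaround describe, with email-format validation and a PDO prepared statement. This is an added example, not code from the Sourcecodester project (whose files are not shown on this page); the table and column names, the password parameter and the connection details are assumptions.

```php
<?php
// Added example, not the Sourcecodester project's own code. The table and
// column names (users, email, password_hash), the password parameter and the
// connection details below are assumptions; the page shows no schema.
//
// Vulnerable pattern the advisory describes: the email value is pasted into
// the SQL text, so the input  ' OR '1'='1  becomes part of the WHERE clause:
//   "SELECT * FROM users WHERE email='$email' AND password='$password'"

// Hardened form: reject anything that is not an e-mail address, bind the
// value as a parameter so the server never parses it as SQL, and check the
// password against a stored hash instead of inside the query.
function login_hardened(PDO $db, string $email, string $password): ?array
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null; // ' OR '1'='1 is rejected here before any query runs
    }
    $stmt = $db->prepare(
        'SELECT id, email, password_hash FROM users WHERE email = :email'
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The password never touches the SQL text; it is compared against the
    // stored hash in PHP.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);
    return $row;
}

// Connection and request handling (placeholder DSN and credentials).
$db = new PDO(
    'mysql:host=localhost;dbname=mobileshop;charset=utf8mb4', 'dbuser', 'dbpass',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]
);
$user = login_hardened($db, $_POST['email'] ?? '', $_POST['password'] ?? '');
if ($user === null) {
    http_response_code(401);
    exit('Invalid credentials');
}
session_start();
session_regenerate_id(true);
$_SESSION['user_id'] = $user['id'];
```

The same pattern applies to LoginAsAdmin.php; the only difference is the table or role column consulted.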

🧯 If You Can't Patch

  • Isolate the system behind a firewall with strict access controls
  • Implement network segmentation to limit database server exposure

🔍 How to Verify

Check if Vulnerable:

Test the email parameter with SQL injection payloads such as ' OR '1'='1

Check Version:

Check the PHP files for version information or compare them with the original 1.0 release

Verify Fix Applied:

Re-run the SQL injection tests and verify that they are blocked or sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple failed login attempts with SQL-like patterns
  • Admin login from unexpected IP addresses

Network Indicators:

  • HTTP POST requests with SQL keywords in email parameter
  • Unusual database connection patterns

SIEM Query:

source="web_logs" AND (email="*OR*" OR email="*UNION*" OR email="*SELECT*")

Wildcard matches of this kind are case-insensitive in most SIEMs and will also hit ordinary addresses containing these letter sequences (for example one beginning with "george"), so expect false positives and tune the pattern before alerting on it.
