CVE-2025-0207 – This critical SQL injection vulnerability in On... (How to Fix)

Q: What is the severity of CVE-2025-0207?

CVE-2025-0207 has a CVSS score of 7.3 (HIGH). This critical SQL injection vulnerability in Online Shoe Store 1.0 allows attackers to manipulate database queries through the password parameter in login.php. Attackers can potentially extract sensitive data, modify database contents, or gain unauthorized access. All deployments of Online Shoe Store 1.0 with the vulnerable login.php file are affected.

📋 TL;DR

This critical SQL injection vulnerability in Online Shoe Store 1.0 allows attackers to manipulate database queries through the password parameter in login.php. Attackers can potentially extract sensitive data, modify database contents, or gain unauthorized access. All deployments of Online Shoe Store 1.0 with the vulnerable login.php file are affected.

💻 Affected Systems

Products:

code-projects Online Shoe Store

Versions: 1.0

Operating Systems: Any OS running PHP

Default Config Vulnerable: ⚠️ Yes

Notes: All installations with the default /function/login.php file are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Online Shoe Store by Code Projects

View all CVEs affecting Online Shoe Store →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, authentication bypass, privilege escalation, and potential remote code execution if database permissions allow.

🟠

Likely Case

Unauthorized access to user credentials, personal information, and order data; potential for session hijacking or account takeover.

🟢

If Mitigated

Limited impact with proper input validation and parameterized queries preventing successful exploitation.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects web applications typically exposed to the internet.

🏢 Internal Only: MEDIUM - Internal applications could still be targeted by insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available in the GitHub gist reference. SQL injection via password parameter requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://code-projects.org/

Restart Required: No

Instructions:

No official patch available. Manually fix the vulnerability by implementing parameterized queries in login.php.

🔧 Temporary Workarounds

Implement Input Validation and Parameterized Queries

PHP

Modify login.php to use prepared statements with parameterized queries instead of concatenating user input into SQL statements.

Replace vulnerable SQL queries with PDO or mysqli prepared statements

Web Application Firewall (WAF) Rules

all

Deploy WAF rules to block SQL injection patterns targeting the login.php endpoint.

Configure WAF to detect and block SQL injection attempts on /function/login.php

🧯 If You Can't Patch

Isolate the vulnerable system behind a reverse proxy with strict input filtering
Implement network segmentation to limit database access from the web server

🔍 How to Verify

Check if Vulnerable:

Review login.php source code for SQL queries that concatenate the password parameter without proper sanitization.

Check Version:

Check file metadata or project documentation for version information

Verify Fix Applied:

Test login functionality with SQL injection payloads; successful login should fail with proper error handling.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL error messages in web server logs
Multiple failed login attempts with SQL syntax in password field
Database query errors from login.php

Network Indicators:

HTTP POST requests to /function/login.php containing SQL keywords in parameters
Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND uri="/function/login.php" AND (password CONTAINS "' OR" OR password CONTAINS "UNION" OR password CONTAINS "SELECT")

📊 Metadata

CVE ID: CVE-2025-0207

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-74

EPSS Score: 0.04% exploit probability (11.5th percentile)

Published: January 4, 2025

Last Updated: January 10, 2025

🔗 References

https://code-projects.org/ Product
https://gist.github.com/th4s1s/d10dfaebae75c8dbe54ad83d63725d81 Exploit,Third Party Advisory
https://vuldb.com/?ctiid.290144 Permissions Required,VDB Entry
https://vuldb.com/?id.290144 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.474035 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-0207, you might also want to check these: