CVE-2025-0296

6.3 MEDIUM

📋 TL;DR

CVE-2025-0296 is a SQL injection vulnerability (CVSS 6.3, Medium) in code-projects Online Book Shop 1.0 that allows unauthenticated remote attackers to inject arbitrary SQL via the 'subcatid' parameter of /booklist.php. It affects every deployment of Online Book Shop 1.0 and puts the confidentiality, integrity, and availability of the backing database at risk.

💻 Affected Systems

Products:
  • code-projects Online Book Shop
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 1.0 are vulnerable. The vulnerability is in the core application code.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the application database: theft and manipulation of all tables reachable by the application's database account, and potential code execution on the server if that account holds privileges such as writing files to the web root.

🟠

Likely Case

Unauthorized data access, extraction of sensitive information (user credentials, payment data), and potential privilege escalation.

🟢

If Mitigated

Limited impact with proper input validation and parameterized queries in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available in the GitHub gist cited as a reference for this CVE. The request needs no authentication and no user interaction: a single crafted GET to /booklist.php is enough.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: none published (vendor site: https://code-projects.org/)

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative software or implementing workarounds.

🔧 Temporary Workarounds

Input Validation and Sanitization

Applies to: all platforms

Implement strict allow-list validation for the subcatid parameter in /booklist.php (reject anything that is not an expected value before it reaches the query builder) and pass the value to the database as a bound parameter rather than by string concatenation.

Web Application Firewall Rules

Applies to: all platforms

Deploy WAF rules that block SQL injection patterns in the subcatid parameter of /booklist.php. A positive rule (drop any request whose subcatid is not a bare numeric value) is tighter and easier to maintain than a keyword blocklist, which attackers routinely bypass with encoding and comment tricks.
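The two workarounds above applied at the code level, as an added example (this is not code from the Online Book Shop project, whose booklist.php source is not reproduced on this page). The vulnerable function shows the general shape of this bug class for contrast; the hardened function validates subcatid as a positive integer and binds it as a parameter. Table and column names (books, subcat_id, title, price), the database credentials, and the $pdo connection are assumptions for illustration.

```php
<?php
// Added example: hardening a request such as /booklist.php?subcatid=3.
// Names of tables, columns and the DSN are assumptions, not the project's own.

// Illustrative vulnerable pattern (contrast only, never use): the raw
// parameter is spliced into the SQL text, so a value like
// "3 OR 1=1" or "3' OR '1'='1" rewrites the query's meaning.
function vulnerable_book_query(string $subcatid): string
{
    return "SELECT title, price FROM books WHERE subcat_id = " . $subcatid;
}

// Hardened version: allow-list the type first, then bind the value so the
// database never parses attacker-controlled text as part of the statement.
function list_books_by_subcategory(PDO $pdo, $raw): array
{
    // 1. Validation: a subcategory id must be a positive integer. Arrays,
    //    empty strings and anything with quotes or spaces are rejected here.
    $subcatid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($subcatid === false) {
        http_response_code(400);
        return [];
    }

    // 2. Parameterised query: the statement text is fixed; the id travels
    //    separately as a typed parameter.
    $stmt = $pdo->prepare('SELECT title, price FROM books WHERE subcat_id = :id');
    $stmt->bindValue(':id', $subcatid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

try {
    // Emulated prepares are disabled so binding happens on the MySQL side.
    $pdo = new PDO('mysql:host=localhost;dbname=bookshop;charset=utf8mb4', 'bookshop_ro', 'secret', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
    ]);

    foreach (list_books_by_subcategory($pdo, $_GET['subcatid'] ?? '') as $book) {
        // Output encoding is a separate concern from SQL injection but belongs
        // in the same handler.
        echo htmlspecialchars($book['title'], ENT_QUOTES, 'UTF-8'), ' - ',
             htmlspecialchars((string) $book['price'], ENT_QUOTES, 'UTF-8'), "\n";
    }
} catch (PDOException $e) {
    // Never echo driver error text to the client: it is both an information
    // leak and the oracle that error-based injection relies on.
    error_log('booklist.php database error: ' . $e->getMessage());
    http_response_code(500);
    echo 'Temporary error, please try again later.';
}
```

The validation step alone would stop this particular injection, but the bound parameter is what makes the handler safe against the next parameter someone adds; the database account used here (bookshop_ro, an assumed name) should also hold only SELECT on the catalogue tables so that even a future injection cannot write data or files.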

🧯 If You Can't Patch

  • Isolate the application behind a reverse proxy or WAF that rejects non-numeric subcatid values before they reach /booklist.php
  • Implement network segmentation so the application server is the only host allowed to reach the database
  • Run the application's database account with least privilege (read-only access to the catalogue tables, no FILE or administrative rights) to cap what a successful injection can do

🔍 How to Verify

Check if Vulnerable:

On an instance you are authorised to test, request /booklist.php with a known-good subcatid and then with an injection payload appended to the same value (e.g., ' OR '1'='1). A database error in the response, or a result set that differs from the plain request (typically many more books, since the OR clause matches every row), indicates the parameter is being concatenated into the query.

Check Version:

Check application version in admin panel or configuration files.

Verify Fix Applied:

Repeat the same requests after applying the fix. Injected values should be rejected outright (e.g., HTTP 400) or return exactly the same result as the un-tampered request, and no database error text should appear in any response.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple requests to /booklist.php with suspicious subcatid values
  • Database query errors containing SQL syntax

Network Indicators:

  • HTTP requests to /booklist.php with SQL keywords in parameters
  • Unusual database connection patterns from application server

SIEM Query:

Pseudo-syntax; adapt field names and operators to your SIEM. The first clause is the high-confidence rule: subcatid is an identifier, so any value that is not a bare integer is out of profile (assumption: the parameter is numeric in the shipped application). The keyword clause is a lower-confidence fallback that also fires on many benign strings, so alert on it only in combination with the first or with request volume.

source="web_logs" AND uri="/booklist.php" AND param="subcatid" AND NOT value MATCHES "^[0-9]+$"

source="web_logs" AND uri="/booklist.php" AND param="subcatid" AND value MATCHES "(?i)(\bunion\b|\bselect\b|\bsleep\b|\bor\b|\band\b|--|#|;|')"
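The log indicators above turned into a runnable check, as an added example rather than anything from the original page or the vendor. It parses combined-format access log lines, URL-decodes the subcatid parameter of requests to /booklist.php, and flags any value that is not a plain positive integer (the same numeric assumption as the SIEM rule), then counts hits per client so repeated probing stands out. The log lines are constructed sample data with documentation IP addresses.

```php
<?php
// Added example: detect injection attempts against /booklist.php?subcatid=
// in web server access logs. Sample lines below are constructed.

const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /booklist.php?subcatid=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2025:10:00:07 +0000] "GET /booklist.php?subcatid=3%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 48210 "-" "curl/8.4.0"
203.0.113.9 - - [10/Jan/2025:10:00:09 +0000] "GET /booklist.php?subcatid=3%20AND%20SLEEP(5) HTTP/1.1" 200 5120 "-" "curl/8.4.0"
198.51.100.2 - - [10/Jan/2025:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2025:10:00:15 +0000] "GET /booklist.php?subcatid=12 HTTP/1.1" 200 6100 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2025:10:00:20 +0000] "GET /booklist.php?subcatid[]=1 HTTP/1.1" 200 5120 "-" "curl/8.4.0"
LOG;

/**
 * Scan combined-format log text and return one entry per suspicious request:
 * ['ip' => ..., 'value' => decoded subcatid, 'raw' => original request target].
 */
function find_suspicious_subcatid(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        // Client IP and request target from a combined-format line.
        if (!preg_match('/^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
            continue;
        }
        [, $ip, $target] = $m;

        $url = parse_url($target);
        if (($url['path'] ?? '') !== '/booklist.php' || empty($url['query'])) {
            continue;
        }

        // parse_str percent-decodes, so encoded quotes and spaces are visible,
        // and it turns subcatid[]=1 into an array (also out of profile).
        parse_str($url['query'], $params);
        if (!array_key_exists('subcatid', $params)) {
            continue;
        }
        $value = $params['subcatid'];

        // Anomaly rule: an id parameter should be a bare string of digits.
        // Anything else (quotes, spaces, keywords, arrays) is reported, which
        // catches payloads a keyword list would miss.
        if (!is_string($value) || !ctype_digit($value)) {
            $hits[] = [
                'ip'    => $ip,
                'value' => is_string($value) ? $value : json_encode($value),
                'raw'   => $target,
            ];
        }
    }
    return $hits;
}

/** Number of suspicious requests per source IP, for the "multiple requests" indicator. */
function count_by_ip(array $hits): array
{
    $counts = [];
    foreach ($hits as $hit) {
        $counts[$hit['ip']] = ($counts[$hit['ip']] ?? 0) + 1;
    }
    arsort($counts);
    return $counts;
}

$hits = find_suspicious_subcatid(SAMPLE_LOG);
foreach ($hits as $hit) {
    printf("%-14s subcatid=%s\n", $hit['ip'], $hit['value']);
}
foreach (count_by_ip($hits) as $ip => $n) {
    printf("%s: %d suspicious request(s)\n", $ip, $n);
}
```

On the sample data the three curl requests from 203.0.113.9 are reported and the two legitimate numeric lookups from 203.0.113.5 are not. Run it over a real access log with `php scan.php < access.log` after replacing SAMPLE_LOG with stream input; if the application legitimately passes non-numeric subcategory identifiers, adjust the profile rule rather than falling back to keyword matching alone.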

🔗 References
