CVE-2025-11396

7.3 HIGH

📋 TL;DR

This SQL injection vulnerability in Simple Food Ordering System 1.0 allows remote attackers to execute arbitrary SQL commands via the Category parameter in product.php. This could lead to data theft, modification, or deletion. Any organization using this software without proper input validation is affected.

💻 Affected Systems

Products:
  • Simple Food Ordering System
Versions: 1.0
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects installations with product.php accessible and Category parameter exposed.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data exfiltration, data destruction, or remote code execution if database permissions allow.

🟠 Likely Case: Unauthorized data access, modification of food ordering data, or potential privilege escalation.

🟢 If Mitigated: Limited impact with proper input validation, parameterized queries, and database permissions.

🌐 Internet-Facing: HIGH - Attack can be launched remotely and exploit is publicly available.
🏢 Internal Only: MEDIUM - Internal attackers could exploit, but external threat is higher.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via Category parameter requires minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://code-projects.org/

Restart Required: No

Instructions:

No official patch available. Implement parameterized queries in product.php to sanitize Category input.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Add input validation to sanitize the Category parameter before it reaches the SQL query.

Edit product.php to add: $category = mysqli_real_escape_string($conn, $_GET['Category']);

Web Application Firewall (applies to: all)

Deploy a WAF with SQL injection rules to block malicious requests.
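The official-fix instructions above call for parameterized queries in product.php, and the first workaround suggests mysqli_real_escape_string. The following is an added example, not code from Simple Food Ordering System, showing the vulnerable concatenation pattern the advisory describes beside a hardened handler. The table name `products`, the column `category_id`, and the connection variable `$conn` are assumptions; only the `Category` GET parameter and the file name come from the advisory.

```php
<?php
// Added example (not the project's code). Assumptions: $conn is an open
// mysqli connection, and a hypothetical table `products` has a numeric
// `category_id` column. The Category parameter name is from the advisory.

// --- Vulnerable pattern: untrusted input concatenated into the SQL text ---
function fetchProductsVulnerable(mysqli $conn, string $category): array
{
    // A quote character in $category ends the string literal and lets the
    // rest of the value be parsed as SQL, which is the flaw CVE-2025-11396 describes.
    $sql = "SELECT id, name, price FROM products WHERE category_id = '" . $category . "'";
    $result = $conn->query($sql);
    return $result ? $result->fetch_all(MYSQLI_ASSOC) : [];
}

// --- Hardened: allow-list validation plus a prepared statement ---
function fetchProductsSafe(mysqli $conn, string $category): array
{
    // Category is expected to be a positive integer id. Rejecting anything
    // else early is defense in depth; the prepared statement is the real control.
    if (!preg_match('/^[1-9][0-9]{0,9}$/', $category)) {
        http_response_code(400);
        return [];
    }
    $categoryId = (int) $category;

    // The SQL text is fixed at prepare time; the bound value travels
    // separately and cannot change the statement's structure.
    $stmt = $conn->prepare("SELECT id, name, price FROM products WHERE category_id = ?");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $conn->error);
    }
    $stmt->bind_param('i', $categoryId);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Wiring in product.php (hypothetical; $conn comes from the application's
// existing database setup):
// $products = fetchProductsSafe($conn, $_GET['Category'] ?? '');
```

On the workaround: mysqli_real_escape_string only protects a value that is placed inside a quoted string literal, and it depends on the connection character set being set correctly. If product.php compares Category as a bare number (no surrounding quotes), escaping alone leaves the injection open, which is why the prepared statement, not the escape call, should be treated as the fix.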

🧯 If You Can't Patch

  • Isolate the system from internet access and restrict to internal network only
  • Implement strict network segmentation and monitor all database queries

🔍 How to Verify

Check if Vulnerable:

Test product.php with SQL injection payloads like: product.php?Category=1' OR '1'='1

Check Version:

Check software version in admin panel or readme files

Verify Fix Applied:

Re-test with the same payloads after implementing parameterized queries; the request should now return an error or no data.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple requests to product.php with special characters

Network Indicators:

  • HTTP requests containing SQL keywords like UNION, SELECT, OR in Category parameter

SIEM Query:

source="web_logs" AND uri="*product.php*" AND (query="*UNION*" OR query="*SELECT*" OR query="*OR*" OR query="*'*" OR query="*--*" OR query="*;*")
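The SIEM query above matches on substrings, so the `*OR*` term also fires on ordinary values such as "orange", and it does not distinguish a quote inside the Category parameter from one elsewhere in the URI. The following is an added example, not part of the advisory, that applies the same indicators (requests to product.php, SQL metacharacters and keywords in Category) to web access log lines with whole-word keyword matching. The log lines are constructed for illustration; the only payload shown is the one the verification section already lists.

```php
<?php
// Added detection example (not from the advisory). Scans combined-format
// access log lines for product.php requests whose Category parameter
// carries SQL metacharacters or keywords. Sample lines are constructed.

const WATCH_PATH = 'product.php';

// Return a reason string when the request looks like a SQL injection
// attempt against Category, or null when it looks benign.
function classifyRequest(string $uri): ?string
{
    $parts = parse_url($uri);
    $path = $parts['path'] ?? '';
    if (substr($path, -strlen(WATCH_PATH)) !== WATCH_PATH) {
        return null;
    }
    // parse_str URL-decodes, so %27 becomes a literal quote before the checks.
    parse_str($parts['query'] ?? '', $params);
    if (!isset($params['Category']) || !is_string($params['Category'])) {
        return null;
    }
    $value = $params['Category'];

    // The expected value is a numeric id; that is the normal case.
    if (preg_match('/^[0-9]+$/', $value)) {
        return null;
    }
    // Characters that change SQL structure: quotes, statement separator, comments.
    if (preg_match('/[\'";]|--|\/\*/', $value)) {
        return 'sql-metacharacter';
    }
    // Keywords as whole words; \b keeps "orange" from matching OR.
    if (preg_match('/\b(UNION|SELECT|OR|AND|SLEEP|BENCHMARK)\b/i', $value)) {
        return 'sql-keyword';
    }
    // Anything else is a low-priority anomaly worth counting, not alerting on.
    return 'non-numeric';
}

// Extract the request target from a combined-format access log line.
function requestUriFromLogLine(string $line): ?string
{
    if (preg_match('/"(?:GET|POST) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
        return $m[1];
    }
    return null;
}

// Return every flagged request as [client, uri, reason].
function scanLog(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        $uri = requestUriFromLogLine($line);
        if ($uri === null) {
            continue;
        }
        $reason = classifyRequest($uri);
        if ($reason !== null) {
            $client = strtok($line, ' ');
            $hits[] = ['client' => $client, 'uri' => $uri, 'reason' => $reason];
        }
    }
    return $hits;
}

// Constructed sample lines (not real traffic). The second line carries the
// payload from the advisory's verification section, URL-encoded.
$sampleLog = [
    '203.0.113.5 - - [10/Oct/2025:12:00:01 +0000] "GET /product.php?Category=3 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2025:12:00:02 +0000] "GET /product.php?Category=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 8192',
    '203.0.113.9 - - [10/Oct/2025:12:00:03 +0000] "GET /product.php?Category=orange HTTP/1.1" 404 0',
    '198.51.100.7 - - [10/Oct/2025:12:00:04 +0000] "GET /index.php HTTP/1.1" 200 1024',
];

foreach (scanLog($sampleLog) as $hit) {
    echo $hit['reason'], "\t", $hit['client'], "\t", $hit['uri'], PHP_EOL;
}
```

Run against the sample, the second line is reported as sql-metacharacter and the third as non-numeric; the first and fourth produce nothing. Pairing the sql-metacharacter hits with the "unusual SQL errors" log indicator above (same client, same minute) gives a much stronger signal than either alone, and the response size on the flagged request (8192 bytes against 512 for a normal category) is the kind of anomaly that indicates the query returned more rows than a single category should.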
