CVE-2025-1191
📋 TL;DR
This vulnerability allows remote attackers to execute SQL injection attacks via the 'breject_id' parameter in the /dashboard/approve-reject.php file of SourceCodester Multi Restaurant Table Reservation System 1.0. Attackers can potentially read, modify, or delete database content. All deployments of version 1.0 are affected.
💻 Affected Systems
- SourceCodester Multi Restaurant Table Reservation System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data manipulation, or complete system takeover via SQL injection to RCE chaining.
Likely Case
Unauthorized data access, privilege escalation, or data manipulation in the reservation system database.
If Mitigated
Limited impact if proper input validation and WAF rules block malicious SQL payloads.
🎯 Exploit Status
Exploit requires access to the dashboard, suggesting authentication may be needed. Public exploit details exist in GitHub repository.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://www.sourcecodester.com/
Restart Required: No
Instructions:
No official patch available. Consider applying input validation fixes manually or replacing the system.
🔧 Temporary Workarounds
Input Validation and Parameterized Queries
allModify approve-reject.php to validate and sanitize the breject_id parameter using prepared statements.
Replace vulnerable SQL queries with parameterized queries using PDO or mysqli prepared statements.
Web Application Firewall (WAF) Rules
allDeploy WAF rules to block SQL injection patterns targeting the approve-reject.php endpoint.
Configure WAF to block requests containing SQL keywords (UNION, SELECT, INSERT, etc.) in breject_id parameter.
🧯 If You Can't Patch
- Restrict network access to the application using firewall rules to only trusted IP addresses.
- Implement strong authentication and monitor dashboard access logs for suspicious activity.
🔍 How to Verify
Check if Vulnerable:
Test the /dashboard/approve-reject.php endpoint with SQL injection payloads in the breject_id parameter.Check Version:
Check application version in admin panel or configuration files.Verify Fix Applied:
Verify that SQL injection payloads no longer execute and return error messages or are properly sanitized.📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in application logs
- Multiple failed login attempts followed by SQL payloads in request parameters
Network Indicators:
- HTTP requests to /dashboard/approve-reject.php containing SQL keywords in parameters
SIEM Query:
source="web_logs" AND uri="/dashboard/approve-reject.php" AND (param="breject_id" AND value MATCH "(?i)(UNION|SELECT|INSERT|DELETE|--|#)")🔗 References
- https://github.com/Keyand/Multi-Restaurant-Table-Reservation-System-Search/blob/main/Multi%20Restaurant%20Table%20Reservation%20System%20approve-reject.php%20has%20Sqlinjection.pdf
- https://vuldb.com/?ctiid.295097
- https://vuldb.com/?id.295097
- https://vuldb.com/?submit.496729
- https://www.sourcecodester.com/
