CVE-2025-13449
📋 TL;DR
This SQL injection vulnerability in code-projects Online Shop Project 1.0 allows attackers to manipulate database queries through the password parameter in login.php. Attackers can potentially access, modify, or delete sensitive data including user credentials and payment information. All deployments of version 1.0 with the vulnerable login.php file are affected.
💻 Affected Systems
- code-projects Online Shop Project
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, authentication bypass, privilege escalation, and potential remote code execution if database permissions allow.
Likely Case
Unauthorized data access including user credentials, personal information, and potentially payment data extraction.
If Mitigated
Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.
🎯 Exploit Status
Public exploit available on GitHub. Attack requires no authentication and can be performed remotely.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://code-projects.org/
Restart Required: No
Instructions:
1. Check code-projects.org for official patch or updated version. 2. If no patch available, implement workarounds. 3. Replace vulnerable login.php with secure implementation using parameterized queries.
🔧 Temporary Workarounds
Input Validation and Sanitization
allAdd server-side validation and sanitization for password parameter
Modify login.php to include: $password = mysqli_real_escape_string($conn, $_POST['Password']);
Web Application Firewall Rule
allBlock SQL injection patterns in login requests
Add WAF rule: Detect and block SQL keywords in password parameter
🧯 If You Can't Patch
- Implement network segmentation to isolate the vulnerable system
- Deploy a web application firewall with SQL injection protection rules
🔍 How to Verify
Check if Vulnerable:
Test login.php with SQL injection payloads like ' OR '1'='1 in password field and observe database errors or unexpected behavior.Check Version:
Check project files for version information or review installation documentation.Verify Fix Applied:
Attempt SQL injection attacks after fixes; successful attacks should be blocked and proper error handling should be in place.📡 Detection & Monitoring
Log Indicators:
- SQL syntax errors in web server logs
- Multiple failed login attempts with SQL keywords
- Unusual database query patterns from web application
Network Indicators:
- HTTP POST requests to login.php containing SQL keywords in parameters
- Unusual database connection patterns from web server
SIEM Query:
source="web_logs" AND uri="/login.php" AND (message="*sql*" OR message="*syntax*" OR param="*OR*" OR param="*UNION*" OR param="*SELECT*")