CVE-2025-13582

7.3 HIGH

📋 TL;DR

CVE-2025-13582 is a SQL injection vulnerability in Jonnys Liquor 1.0 that allows attackers to execute arbitrary SQL commands through the Product parameter in /detail.php. This affects all users running the vulnerable software version. Remote exploitation is possible without authentication.

💻 Affected Systems

Products:
  • Jonnys Liquor
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the GET parameter handler in the /detail.php component. All installations of version 1.0 are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data theft, data manipulation, and potential remote code execution if database permissions allow.

🟠

Likely Case

Database information disclosure, data manipulation, and potential authentication bypass.

🟢

If Mitigated

Limited impact with proper input validation and database permission restrictions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

An exploit has been released to the public. SQL injection via the Product parameter requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://code-projects.org/

Restart Required: No

Instructions:

No official patch available. Consider workarounds or alternative software.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

Add input validation to sanitize the Product parameter before it reaches the SQL query.

Modify /detail.php to validate the Product parameter and pass it to the database only through prepared statements or parameterized queries.

Web Application Firewall Rule

Applies to: all

Block SQL injection patterns in the Product parameter.

Add a WAF rule to detect and block SQL injection patterns in GET parameters.

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to the vulnerable system
  • Deploy web application firewall with SQL injection detection rules

🔍 How to Verify

Check if Vulnerable:

Test /detail.php?Product=1' OR '1'='1 to check for SQL error responses

Check Version:

Check software version in admin panel or configuration files

Verify Fix Applied:

Test with the same payload after implementing the fixes; the page should return a normal error or no data.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in web server logs
  • Multiple requests with SQL keywords in Product parameter

Network Indicators:

  • HTTP requests containing SQL injection patterns in GET parameters

SIEM Query:

source="web_logs" AND uri="*detail.php*" AND (query="*Product=*'*" OR query="*Product=*%27*")
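The same check as the SIEM query, run offline over web server access logs, as an added example that is not part of the original advisory. It assumes Apache/nginx combined-style log lines (the sample lines below are constructed, not real traffic) and goes one step beyond the query by also catching percent-encoded and double-encoded quote characters in the Product value.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (not real traffic). Lines 2, 3 and 5
# carry a quote character in the Product parameter of /detail.php in three
# encodings; line 4 hits a different script and should not be flagged.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /detail.php?Product=12 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "GET /detail.php?Product=1'%20OR%20'1'='1 HTTP/1.1" 500 312
10.0.0.9 - - [01/Jan/2025:10:00:03 +0000] "GET /detail.php?Product=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 312
10.0.0.7 - - [01/Jan/2025:10:00:04 +0000] "GET /index.php?Product=1' HTTP/1.1" 200 800
10.0.0.9 - - [01/Jan/2025:10:00:05 +0000] "GET /detail.php?Product=1%2527 HTTP/1.1" 200 5120
"""

# Combined log format: client, identd, user, [timestamp], "METHOD target proto", status ...
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_suspicious_product(raw_value: str) -> bool:
    """True if the raw (still percent-encoded) Product value contains a single
    quote at any encoding layer: ' , %27 or %2527 (mirrors the SIEM query)."""
    decoded = raw_value
    for _ in range(3):  # peel up to three layers of percent-encoding
        if "'" in decoded:
            return True
        nxt = unquote(decoded)
        if nxt == decoded:  # nothing left to decode
            break
        decoded = nxt
    return "'" in decoded


def find_detail_php_injection_attempts(log_text: str) -> list[dict]:
    """Return one record per request to /detail.php whose Product value looks
    like a quote-based SQL injection attempt."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        parts = urlsplit(m["target"])
        if not parts.path.endswith("/detail.php"):
            continue
        # Split the query by hand so the value stays in its raw encoding.
        for pair in parts.query.split("&"):
            key, _, raw_val = pair.partition("=")
            if key == "Product" and is_suspicious_product(raw_val):
                hits.append({"src": m["src"], "ts": m["ts"],
                             "status": int(m["status"]), "product": raw_val})
    return hits
```

A 500 status on a flagged request is the "unusual SQL error" indicator listed above; a 200 on the same payload is worth checking too, since a successful injection does not necessarily error out.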
