CVE-2025-3018

6.3 MEDIUM

📋 TL;DR

This critical SQL injection vulnerability in SourceCodester Online Eyewear Shop 1.0 allows attackers to manipulate database queries through the /classes/Users.php?f=delete endpoint. Remote attackers can potentially access, modify, or delete sensitive data in the database. All deployments of this specific e-commerce software version are affected.

💻 Affected Systems

Products:
  • SourceCodester Online Eyewear Shop
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Any installation using the default configuration is vulnerable. The vulnerability exists in the user deletion functionality.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including theft of customer PII, payment data, admin credentials, and potential remote code execution leading to full system takeover.

🟠 Likely Case

Data exfiltration of user information, session hijacking, privilege escalation, and potential defacement or data destruction.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and database permissions restricting unauthorized access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available on GitHub. Attack requires some level of access to the user deletion function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.sourcecodester.com/

Restart Required: No

Instructions:

No official patch is available. Implement parameterized queries in /classes/Users.php and validate and sanitize all user input, especially the ID parameter.

🔧 Temporary Workarounds

Input Validation and Sanitization

Applies to: all

Add strict input validation to the ID parameter in the delete function so that it only accepts expected values.

Web Application Firewall Rules

Applies to: all

Implement WAF rules to block SQL injection patterns targeting the /classes/Users.php endpoint.
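The fix instructions and the first workaround both come down to the same two controls: accept only a well-formed integer for the ID parameter and bind it into a prepared statement. The handler below is an added example, not code from SourceCodester or from the Online Eyewear Shop project. It assumes the usual shape of such a delete action (an `id` request parameter and a `users` table reached through PDO); the class and method names, the table name and the SQLite in-memory database used for the stand-alone run are all assumptions.

```php
<?php
// Added example (not the project's code). Hardened user-delete handler:
// the raw id is validated as a positive integer, then bound as a
// parameter so it can never alter the structure of the DELETE statement.
// Assumed: PDO connection, a `users` table with an integer `id` column.

declare(strict_types=1);

final class UsersDeleteHandler
{
    private PDO $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
        // Real server-side prepares and exceptions on error: no silent failures.
        $this->db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
        $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }

    // Accepts only a positive integer (as int or as a decimal string).
    // Anything else (quotes, spaces, keywords, arrays) yields null.
    public static function parseId(mixed $raw): ?int
    {
        if (!is_int($raw) && !is_string($raw)) {
            return null;
        }
        $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        return $id === false ? null : $id;
    }

    // Returns the same kind of status array such handlers typically send back.
    public function delete(mixed $rawId): array
    {
        $id = self::parseId($rawId);
        if ($id === null) {
            // Rejected before any SQL is built; log this for detection.
            return ['status' => 'failed', 'msg' => 'Invalid user id'];
        }
        // Parameterized: the query text is fixed, the value travels separately.
        $stmt = $this->db->prepare('DELETE FROM users WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        return ['status' => $stmt->rowCount() === 1 ? 'success' : 'failed'];
    }
}

// The pattern that makes this class of bug possible, for contrast only:
// interpolating the request value straight into the statement text.
//   $conn->query("DELETE FROM users WHERE id = {$_REQUEST['id']}");

// Stand-alone demonstration on a constructed SQLite database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (id, username) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

$handler = new UsersDeleteHandler($db);
print_r($handler->delete('2'));          // success: one row removed
print_r($handler->delete('2 OR 1=1'));   // failed: not an integer, no SQL executed
print_r($handler->delete(['1']));        // failed: wrong type
echo 'remaining users: ', $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), "\n"; // 2
```

The two controls are complementary: the integer check gives you a clean place to log and reject malformed input, while the bound parameter guarantees that even a value that slips past validation cannot change what the statement does. Access control for the delete action itself (only an authenticated administrator should reach it) is a separate check that belongs in the same handler, ahead of the code shown.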

🧯 If You Can't Patch

  • Isolate the application behind a reverse proxy with strict input filtering
  • Implement database-level controls: restrict application database user permissions, enable logging of all database queries

🔍 How to Verify

Check if Vulnerable:

Test the /classes/Users.php?f=delete endpoint with SQL injection payloads in the ID parameter

Check Version:

Check application version in admin panel or configuration files

Verify Fix Applied:

Verify that parameterized queries are implemented and SQL injection attempts are properly rejected

📡 Detection & Monitoring

Log Indicators:

  • Unusual database queries from web application, multiple failed delete attempts, SQL syntax errors in logs

Network Indicators:

  • HTTP requests to /classes/Users.php with SQL keywords in parameters

SIEM Query:

source="web_logs" AND uri="/classes/Users.php" AND param="ID" AND (value CONTAINS "UNION" OR value CONTAINS "SELECT" OR value CONTAINS "--" OR value CONTAINS "' OR '")
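The network indicator above can be checked offline against web-server access logs. The scanner below is an added example, not part of the advisory or of the project; it assumes logs in Apache/nginx combined format and that the ID parameter is submitted in the query string (if the delete action is sent in a POST body, a standard access log does not record the parameter, and the check has to run in the application or WAF instead). Rather than only matching keywords, it flags every request to /classes/Users.php whose id is not a plain integer and then names the SQL-like tokens it contains. The sample lines are constructed.

```php
<?php
// Added example (not from the advisory). Scans combined-format access logs
// for requests to /classes/Users.php whose `id` parameter is not an integer
// and reports which SQL-like tokens appear in it.

declare(strict_types=1);

const TARGET_PATH = '/classes/Users.php';

// Tokens that never belong in an integer user id (names are for the report).
const SQLI_TOKENS = [
    'union'    => '/\bunion\b/i',
    'select'   => '/\bselect\b/i',
    'comment'  => '/--|\/\*|#/',
    'quote-or' => "/'\s*or\s*'/i",
    'stacked'  => '/;/',
];

// Examines one request line ("GET /path?query HTTP/1.1").
// Returns null when the request is not of interest, otherwise a finding.
function analyzeRequest(string $requestLine): ?array
{
    if (!preg_match('/^(\S+)\s+(\S+)\s+HTTP\//', $requestLine, $m)) {
        return null;
    }
    $url  = $m[2];
    $path = parse_url($url, PHP_URL_PATH);
    if ($path !== TARGET_PATH) {
        return null;
    }
    $query = parse_url($url, PHP_URL_QUERY) ?? '';
    parse_str($query, $params);                       // also URL-decodes values
    $params = array_change_key_case($params, CASE_LOWER); // "ID" and "id" alike
    if (!isset($params['id']) || !is_string($params['id'])) {
        return null;
    }
    $id = $params['id'];
    if (filter_var($id, FILTER_VALIDATE_INT) !== false) {
        return null;                                  // well-formed id: benign
    }
    $hits = [];
    foreach (SQLI_TOKENS as $name => $re) {
        if (preg_match($re, $id)) {
            $hits[] = $name;
        }
    }
    return ['method' => $m[1], 'id' => $id, 'tokens' => $hits];
}

// Walks log lines and collects findings with client address and timestamp.
function scanLog(iterable $lines): array
{
    $alerts = [];
    foreach ($lines as $n => $line) {
        // combined format: client ident user [time] "request" status bytes ...
        if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"/', $line, $m)) {
            continue;
        }
        $finding = analyzeRequest($m[3]);
        if ($finding !== null) {
            $alerts[] = ['line' => $n + 1, 'client' => $m[1], 'time' => $m[2]] + $finding;
        }
    }
    return $alerts;
}

// Constructed sample lines (not real traffic). Line 2 carries the "' OR '"
// pattern and line 3 a UNION/SELECT with a comment marker; lines 1 and 4 are benign.
$sample = [
    '203.0.113.5 - - [10/Apr/2025:12:00:01 +0000] "GET /classes/Users.php?f=delete&id=42 HTTP/1.1" 200 17 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Apr/2025:12:00:09 +0000] "GET /classes/Users.php?f=delete&id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 17 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Apr/2025:12:01:00 +0000] "GET /classes/Users.php?f=delete&id=1%20UNION%20SELECT%201--%20 HTTP/1.1" 500 0 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Apr/2025:12:01:30 +0000] "GET /index.php?page=home HTTP/1.1" 200 5120 "-" "curl/8.0"',
];

foreach (scanLog($sample) as $a) {
    printf("line %d %s %s %s id=%s tokens=[%s]\n",
        $a['line'], $a['time'], $a['client'], $a['method'], $a['id'], implode(',', $a['tokens']));
}
```

Treating "id is not an integer" as the primary signal keeps the detection independent of any particular keyword list, so an obfuscated payload that avoids UNION and SELECT is still reported; the token names only add context for triage. The same rule, expressed as the SIEM query above, is what the application-side rejection log from a validated handler would also produce.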

🔗 References
