CVE-2025-4786

6.3 MEDIUM

📋 TL;DR

This critical SQL injection vulnerability in SourceCodester/oretnom23 Stock Management System 1.0 allows attackers to manipulate database queries via the ID parameter in the /admin/?page=return/view_return endpoint. Attackers can potentially read, modify, or delete database contents, and the vulnerability can be exploited remotely without authentication. All users running the vulnerable version of this stock management system are affected.

💻 Affected Systems

Products:
  • SourceCodester/oretnom23 Stock Management System
Versions: 1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation and requires no special configuration to be exploitable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data destruction, privilege escalation to admin access, and potential server takeover via SQL injection to RCE chaining.

🟠 Likely Case

Unauthorized data access, data manipulation, extraction of sensitive information like user credentials, and potential authentication bypass.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation preventing database access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub, making this easily weaponizable by attackers with basic SQL injection knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative software or implementing custom fixes with parameterized queries and input validation.

🔧 Temporary Workarounds

Web Application Firewall (WAF), platform: all

Deploy a WAF with SQL injection rules to block malicious requests to the vulnerable endpoint.

Input Validation Filter, platform: linux

Implement server-side input validation so that the ID parameter is rejected before it reaches the query unless it is a plain integer.

Example PHP: if(!is_numeric($_GET['ID'])) { die('Invalid input'); }

Note: is_numeric() also accepts floats and exponent notation (e.g. 1e3), so a stricter check such as ctype_digit($_GET['ID']) is preferable. Validation is a stopgap; the query itself should still be converted to a parameterized (prepared) statement.

🧯 If You Can't Patch

  • Isolate the system from internet access and restrict to internal network only.
  • Implement strict network segmentation to limit database access from the application server.

🔍 How to Verify

Check if Vulnerable:

Test the /admin/?page=return/view_return endpoint with SQL injection payloads like: ID=1' OR '1'='1

Check Version:

Check the software version in the application's admin panel or configuration files.

Verify Fix Applied:

Verify that SQL injection payloads no longer work and that parameterized queries are implemented in the PHP code.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login attempts following SQL injection patterns
  • Requests to /admin/?page=return/view_return with suspicious ID parameters

Network Indicators:

  • Unusual database connection patterns from the application server
  • Outbound database queries containing SQL injection payloads

SIEM Query (Splunk-style syntax assumed, where \* is a literal asterisk):

source="web_logs" AND uri="/admin/?page=return/view_return" AND (query="*' OR*" OR query="*UNION*" OR query="*SELECT*" OR query="*--*" OR query="*/\**")

Note: the last clause matches the SQL comment opener /*; written as "*/*" it would match every query string containing a slash, including the page=return/view_return parameter itself, and fire on every request. Keyword matching is also easy to evade with encoding or case changes; a tighter rule is to alert on any ID value for this page that is not a plain integer.
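A log-side version of that tighter rule, added here as an example and not part of the original page: it parses access-log lines in combined format, picks out requests to the vulnerable page and flags any whose ID is not a plain integer, regardless of which SQL keywords are used. The log format, field names and sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2025:10:01:02 +0000] "GET /admin/?page=return/view_return&ID=12 HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
10.0.0.9 - - [12/May/2025:10:01:09 +0000] "GET /admin/?page=return/view_return&ID=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9810 "-" "curl/8.0"
10.0.0.9 - - [12/May/2025:10:01:15 +0000] "GET /admin/?page=return/view_return&ID=12+UNION+SELECT+1,2,3-- HTTP/1.1" 500 512 "-" "curl/8.0"
10.0.0.7 - - [12/May/2025:10:02:00 +0000] "GET /admin/?page=products/view_product&ID=3 HTTP/1.1" 200 3001 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and status from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
VULN_PAGE = "return/view_return"
ID_OK = re.compile(r"^\d{1,10}$")  # view_return is only ever meant to receive an integer ID


def find_injection_attempts(log_text):
    """Return one dict per request to the vulnerable page whose ID is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        parts = urlsplit(m["target"])
        if parts.path != "/admin/":
            continue
        params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values once
        if VULN_PAGE not in params.get("page", []):
            continue  # some other admin page; not the vulnerable handler
        # Match the parameter name case-insensitively (the page documents it as ID).
        values = [v for k, vs in params.items() if k.lower() == "id" for v in vs]
        for raw in values:
            value = unquote_plus(raw)  # decode again so double-encoded payloads are still caught
            if not ID_OK.match(value):
                hits.append({"ip": m["ip"], "time": m["ts"],
                             "status": int(m["status"]), "id": value})
    return hits


if __name__ == "__main__":
    for hit in find_injection_attempts(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} status={hit['status']} ID={hit['id']!r}")
```

Because the rule keys on the shape of the value rather than on keywords, a benign request with ID=12 passes while any quoting, comment or UNION variant, encoded or not, is flagged.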
