Login Sign Up

CVE-2025-6891

7.3 HIGH
SQL Injection

📋 TL;DR

A critical SQL injection vulnerability exists in code-projects Inventory Management System 1.0, specifically in the createUser.php file's Username parameter. This allows remote attackers to execute arbitrary SQL commands on the database. All installations of version 1.0 are affected.

💻 Affected Systems

Products:
  • code-projects Inventory Management System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. The vulnerability is in the core user creation functionality.

📦 What is this software?

Inventory Management System by Code Projects

View all CVEs affecting Inventory Management System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data manipulation, authentication bypass, or full system takeover via SQL injection to RCE chaining.

🟠

Likely Case

Unauthorized data access, user account creation/modification, privilege escalation, and potential data exfiltration.

🟢

If Mitigated

Limited impact with proper input validation and database permissions, potentially only error messages or partial data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub and vuldb. SQL injection via Username parameter requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://code-projects.org/

Restart Required: No

Instructions:

No official patch available. Consider migrating to a supported inventory system or implementing custom fixes.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Add server-side validation to sanitize Username input in createUser.php

Edit /php_action/createUser.php to implement parameterized queries or proper escaping

WAF Rule Implementation

all

Deploy web application firewall rules to block SQL injection patterns

Add WAF rule: Detect and block SQL keywords in Username parameter

🧯 If You Can't Patch

  • Isolate the system from internet access and restrict to internal network only
  • Implement strict network segmentation and monitor all database queries from the application

🔍 How to Verify

Check if Vulnerable:

Test the /php_action/createUser.php endpoint with SQL injection payloads in Username parameter

Check Version:

Check system documentation or configuration files for version information

Verify Fix Applied:

Verify that SQL injection attempts no longer succeed and proper input validation is implemented

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login or user creation attempts with special characters

Network Indicators:

  • HTTP POST requests to createUser.php containing SQL keywords in parameters

SIEM Query:

source="web_logs" AND uri="/php_action/createUser.php" AND (param="Username" AND value CONTAINS "' OR " UNION " SELECT ")

📊 Metadata

CVE ID: CVE-2025-6891
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-74
EPSS Score: 0.04% exploit probability (12.4th percentile)
Published: June 30, 2025
Last Updated: July 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-6891, you might also want to check these:

CVE-2026-25520 10.0

SandboxJS versions before 0.8.29 have a critical sandbox escape vulnerability that allows attackers ...

Same vulnerability type (CWE-74)
CVE-2026-25586 10.0

This CVE describes a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attac...

Same vulnerability type (CWE-74)
CVE-2025-20281 10.0

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers...

Same vulnerability type (CWE-74)