CVE-2025-69564

9.8 CRITICAL

📋 TL;DR

CVE-2025-69564 is a critical SQL injection vulnerability in code-projects Mobile Shop Management System 1.0 that allows attackers to execute arbitrary SQL commands through multiple parameters in the ExAddNewUser.php endpoint. This affects all deployments of version 1.0 of this software. Attackers can potentially read, modify, or delete database contents, including sensitive user and business data.

💻 Affected Systems

Products:
  • code-projects Mobile Shop Management System
Versions: 1.0
Operating Systems: All operating systems running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 1.0 are vulnerable. The vulnerability exists in the default installation with no special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data destruction, authentication bypass, and potential remote code execution through database functions.

🟠 Likely Case

Unauthorized access to sensitive customer and business data, including personal information, financial records, and inventory data.

🟢 If Mitigated

Limited impact with proper input validation and database permissions, potentially only allowing data viewing but not modification.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is typically exposed to the internet in web applications, making it easily accessible to attackers.
🏢 Internal Only: MEDIUM - Even internal deployments are vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication and has public proof-of-concept references. Exploitation is straightforward with standard SQL injection techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider replacing with alternative software or implementing custom fixes with parameterized queries and input validation.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules (all platforms)

Implement WAF rules to block SQL injection patterns targeting the ExAddNewUser.php endpoint parameters.

Input Validation Filter (all platforms)

Add server-side input validation for the Name, Address, email, UserName, Password, confirm_password, Role, Branch, and Activate parameters before they reach the database. Validation reduces exposure but does not replace parameterized queries, which remain the actual fix.

🧯 If You Can't Patch

  • Isolate the system behind a firewall and restrict access to authorized IP addresses only.
  • Implement database-level controls with minimal permissions and enable database logging for suspicious queries.

🔍 How to Verify

Check if Vulnerable:

Test the ExAddNewUser.php endpoint with SQL injection payloads in the vulnerable parameters (e.g., Name=' OR '1'='1).

Check Version:

Check the software version in the application interface or configuration files.

Verify Fix Applied:

Verify that parameterized queries are implemented and input validation rejects SQL injection attempts.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts or user creation attempts with SQL-like patterns
  • Access to ExAddNewUser.php with suspicious parameter values

Network Indicators:

  • HTTP POST requests to ExAddNewUser.php containing SQL keywords in parameters
  • Unusual traffic patterns to the vulnerable endpoint

SIEM Query:

source="web_logs" AND uri="/ExAddNewUser.php" AND (param="Name" OR param="Address" OR param="email" OR param="UserName" OR param="Password" OR param="confirm_password" OR param="Role" OR param="Branch" OR param="Activate") AND (value="*OR*" OR value="*UNION*" OR value="*SELECT*" OR value="*INSERT*" OR value="*DELETE*")
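As an added example (not part of this advisory or the vendor's code), a small Python scanner applies the SIEM logic above to JSON-lines web log records. It matches whole SQL token shapes instead of the bare `*OR*`/`*SELECT*` substrings, so benign values such as "Alice Order" or "12 Union Road" do not fire; the log format, field names and sample records are constructed assumptions.

```python
import json
import re
from urllib.parse import unquote_plus

# Parameters the advisory lists as injectable in ExAddNewUser.php.
VULN_PARAMS = {"Name", "Address", "email", "UserName", "Password",
               "confirm_password", "Role", "Branch", "Activate"}

# Whole-token SQL shapes rather than the bare substrings of the SIEM query,
# so ordinary names and street addresses containing "or"/"union" do not fire.
SQL_PATTERNS = [
    re.compile(r"['\"]\s*(OR|AND)\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+", re.I),  # ' OR '1'='1
    re.compile(r"\bUNION\b\s+(ALL\s+)?\bSELECT\b", re.I),                    # union-based
    re.compile(r"\bSELECT\b.+\bFROM\b", re.I),                               # subquery
    re.compile(r"\b(INSERT\s+INTO|DELETE\s+FROM|DROP\s+TABLE)\b", re.I),    # data change
    re.compile(r"(--|/\*)\s*$"),                                             # trailing comment
]


def suspicious_params(record: dict) -> list[str]:
    """Names of advisory-listed parameters whose URL-decoded value looks like SQL."""
    if not record.get("uri", "").endswith("/ExAddNewUser.php"):
        return []
    hits = []
    for name, raw in record.get("params", {}).items():
        value = unquote_plus(str(raw))  # decode %27 and '+' before matching
        if name in VULN_PARAMS and any(p.search(value) for p in SQL_PATTERNS):
            hits.append(name)
    return hits


def scan_log(lines) -> list[dict]:
    """Run suspicious_params over JSON-lines web log records and collect the hits."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        if not line.strip():
            continue
        rec = json.loads(line)
        if params := suspicious_params(rec):
            findings.append({"line": lineno, "src": rec.get("src"), "params": params})
    return findings


# Constructed sample records (documentation-range IPs, hypothetical paths), not real traffic.
SAMPLE_LOG = """\
{"src":"203.0.113.5","method":"POST","uri":"/shop/ExAddNewUser.php","params":{"Name":"Alice Order","Address":"12 Union Road","email":"alice%40example.test","UserName":"alice","Password":"p","confirm_password":"p","Role":"staff","Branch":"main","Activate":"1"}}
{"src":"203.0.113.77","method":"POST","uri":"/shop/ExAddNewUser.php","params":{"Name":"' OR '1'='1","Address":"a","email":"b%40example.test","UserName":"u","Password":"p","confirm_password":"p","Role":"admin","Branch":"main","Activate":"1"}}
{"src":"203.0.113.77","method":"POST","uri":"/shop/ExAddNewUser.php","params":{"Name":"x","Address":"x","email":"x%40example.test","UserName":"x' UNION SELECT 1,2,3-- ","Password":"p","confirm_password":"p","Role":"staff","Branch":"main","Activate":"1"}}
{"src":"198.51.100.9","method":"GET","uri":"/shop/index.php","params":{"q":"' OR 1=1"}}
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG.splitlines()):
        print(f"line {f['line']}: {f['src']} -> suspicious parameters {f['params']}")
```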
