PT-2025-31033 · Code Projects · Code-Projects Online Ordering System
Xiajian · Published 2025-07-28 · Updated 2025-07-28 · CVE-2025-8248
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
code-projects Online Ordering System version 1.0
Description
A critical vulnerability exists in code-projects Online Ordering System. The issue involves SQL injection, specifically through manipulation of the firstname argument in the /signup.php file. This allows for remote exploitation. The exploit has been publicly disclosed. Other parameters may also be affected.
Recommendations
code-projects Online Ordering System version 1.0: Sanitize the firstname parameter to prevent SQL injection attacks.
code-projects Online Ordering System version 1.0: Review and sanitize all other input parameters to the /signup.php file to identify and address potential SQL injection vulnerabilities.
Exploit
Fix
Special Elements Injection
SQL injection
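One way to carry out the recommendations above, as an added example that is not code from the project or from this advisory: a signup handler that validates each field and binds firstname and the other inputs as prepared-statement parameters instead of building SQL from request data. Only firstname and /signup.php come from the advisory; the users table, its columns, the lastname and email fields, and the connection settings are assumptions.

```php
<?php
// Added example: hardened form of a signup handler such as /signup.php.
// Assumed, not from the advisory: table `users`, its columns, the lastname
// and email fields, and the placeholder connection settings.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

// Typical pattern behind this bug class (illustrative, not the project's code):
//   $sql = "INSERT INTO users (firstname) VALUES ('" . $_POST['firstname'] . "')";
// The request value becomes part of the SQL text and can change the query.

/** Return one form field as a trimmed string within the length limit. */
function field(array $src, string $name, int $max): string
{
    $v = $src[$name] ?? null;
    if (!is_string($v)) { // missing value, or an array such as firstname[]=x
        throw new InvalidArgumentException("$name is required");
    }
    $v = trim($v);
    if ($v === '' || strlen($v) > $max) {
        throw new InvalidArgumentException("$name has an invalid length");
    }
    return $v;
}

function signup(mysqli $db, array $post): int
{
    $first = field($post, 'firstname', 64);
    $last  = field($post, 'lastname', 64);
    $email = field($post, 'email', 254);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('email is not valid');
    }
    // Values are bound as parameters, so they are never parsed as SQL.
    $stmt = $db->prepare('INSERT INTO users (firstname, lastname, email) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $first, $last, $email);
    $stmt->execute();
    return (int) $db->insert_id;
}

try {
    $db = new mysqli('localhost', 'app_user', 'CHANGE_ME', 'ordering'); // placeholders
    $db->set_charset('utf8mb4');
    echo 'Created account #', signup($db, $_POST), "\n";
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Invalid input';
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // log server-side, do not echo DB errors
    http_response_code(500);
}
```

The length and format checks reduce bad data, but it is the parameter binding that removes the injection; the same binding applies to every other query that takes request input.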
Related Identifiers
Affected Products
Code-Projects Online Ordering System