CVE-2025-51970
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-11-13
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| puneethreddyhc | online_shopping_system_advanced | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-51970 is a SQL Injection vulnerability in the action.php endpoint of the Online Shopping System Advanced 1.0. It occurs because the application does not properly sanitize the user-supplied input in the 'keyword' POST parameter. This allows attackers to inject arbitrary SQL code into the database queries, potentially manipulating or retrieving sensitive data without authorization. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to retrieve sensitive data, manipulate or delete database records, execute administrative commands, and possibly execute code depending on the database configuration. This can lead to data breaches, loss of data integrity, unauthorized access, and potentially full system compromise. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending specially crafted SQL injection payloads to the `keyword` POST parameter of the `action.php` endpoint and observing the responses. For example, you can use curl to send a POST request with a payload like `e%' AND ((42)=(43-1)) AND '0004XX7'!='0004XX7%` to confirm the vulnerability. Additionally, testing with payloads that perform database enumeration such as `SELECT database()` can help verify if the injection is successful. Example command: `curl -X POST -d "keyword=e%' AND ((42)=(43-1)) AND '0004XX7'!='0004XX7%" http://target/online-shopping-system-advanced-master/action.php`. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing prepared statements and parameterized queries to handle user inputs safely, sanitizing and validating all user-supplied data, applying least privilege principles to database user accounts, and ensuring all software dependencies and security patches are up to date. [1]