VDB-303559 · CVE-2025-3345 · GCVE-100-303559

codeprojects Online Restaurant Management System 1.0 /admin/combo.php del Suntikan SQL

Satu kelemahan keselamatan jenis kritikal telah dikenal pasti dalam codeprojects Online Restaurant Management System 1.0. Fungsi yang terlibat ialah fungsi yang tidak diketahui dalam fail /admin/combo.php. Perubahan ini pada parameter del mengakibatkan Suntikan SQL. Penggunaan CWE untuk mengisytiharkan masalah membawa kepada CWE-89. Kelemahan telah diterbitkan pada 06/04/2025. Penasihat ini tersedia untuk dimuat turun di github.com. Celah keselamatan ini dikenali sebagai CVE-2025-3345. Serangan boleh dilancarkan dari lokasi jauh. Maklumat teknikal boleh didapati. Tambahan pula, eksploit telah tersedia. Pendedahan eksploitasi telah berlaku kepada umum dan ia mungkin digunakan. Pada ketika ini, harga exploit dianggarkan kira-kira USD $0-$5k. Projek MITRE ATT&CK mengisytiharkan teknik serangan sebagai T1505. Ia ditetapkan sebagai bukti konsep. Eksploit ini dikongsi untuk dimuat turun di github.com. Sebagai 0-day, harga anggaran di pasaran gelap ialah sekitar $0-$5k. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

3 Perubahan · 98 Titik data

Medan	Dibuat 06/04/2025 02:38 PM	Dikemas kini 1/2 07/04/2025 12:03 PM	Dikemas kini 2/2 30/04/2025 03:49 PM
software_vendor	codeprojects	codeprojects	codeprojects
software_name	Online Restaurant Management System	Online Restaurant Management System	Online Restaurant Management System
software_version	1.0	1.0	1.0
software_file	/admin/combo.php	/admin/combo.php	/admin/combo.php
software_argument	del	del	del
vulnerability_cwe	CWE-89 (Suntikan SQL)	CWE-89 (Suntikan SQL)	CWE-89 (Suntikan SQL)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/p1026/CVE/issues/60	https://github.com/p1026/CVE/issues/60	https://github.com/p1026/CVE/issues/60
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/p1026/CVE/issues/60	https://github.com/p1026/CVE/issues/60	https://github.com/p1026/CVE/issues/60
source_cve	CVE-2025-3345	CVE-2025-3345	CVE-2025-3345
cna_responsible	VulDB	VulDB	VulDB
software_type	Hospitality Software	Hospitality Software	Hospitality Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	N	N	N
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	7.5	7.5	7.5
cvss2_vuldb_tempscore	6.4	6.4	6.4
cvss3_vuldb_basescore	7.3	7.3	7.3
cvss3_vuldb_tempscore	6.6	6.6	6.6
cvss3_meta_basescore	7.3	7.3	8.1
cvss3_meta_tempscore	6.6	6.9	7.9
cvss4_vuldb_bscore	6.9	6.9	6.9
cvss4_vuldb_btscore	5.5	5.5	5.5
advisory_date	1743890400 (06/04/2025)	1743890400 (06/04/2025)	1743890400 (06/04/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/combo.php. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/combo.php. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		N	N
cvss4_cna_ui		N	N
cvss4_cna_vc		L	L
cvss4_cna_vi		L	L
cvss4_cna_va		L	L
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		6.9	6.9
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		N	N
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		7.3	7.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		N	N
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		7.5	7.5
cve_nvd_summaryes			Se encontró una vulnerabilidad en codeprojects Online Restaurant Management System 1.0. Se ha declarado crítica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin/combo.php. La manipulación del argumento "del" provoca una inyección SQL. El ataque puede ejecutarse remotamente. Se ha hecho público el exploit y puede que sea utilizado.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_nvd_basescore			9.8

◂ Sebelum Gambaran Seterusnya ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!