EUVD-2025-18770Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /paymentportal.php. The manipulation of the argument person leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
CVE-2025-6357 is a critical SQL injection vulnerability in code-projects Simple Pizza Ordering System version 1.0, specifically in the /paymentportal.php file where the 'person' parameter is not properly sanitized. An unauthenticated remote attacker can exploit this vulnerability with no user interaction required to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion of database contents. The vulnerability has been publicly disclosed with proof-of-concept code available, increasing the likelihood of active exploitation.
Technical ContextAI
This vulnerability is rooted in CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component, 'Injection') and represents a classic SQL injection flaw. The /paymentportal.php endpoint fails to properly validate or parameterize user-supplied input from the 'person' parameter before incorporating it into SQL queries. The affected product is code-projects Simple Pizza Ordering System 1.0, a PHP-based web application commonly deployed in small business payment processing scenarios. The vulnerability allows attackers to manipulate SQL query logic by injecting malicious SQL syntax through the vulnerable parameter, bypassing authentication and access controls at the database level. This is particularly severe in payment processing contexts where sensitive customer and financial data resides.
RemediationAI
Immediate remediation steps: (1) Implement prepared statements/parameterized queries for the /paymentportal.php 'person' parameter and all database interactions—replace string concatenation with parameter binding using PHP PDO or mysqli prepared statements; (2) Deploy Web Application Firewall (WAF) rules to block SQL injection patterns (UNION, SELECT, OR 1=1, etc.) targeting /paymentportal.php; (3) Apply input validation using strict whitelisting for the 'person' parameter (e.g., alphanumeric only if applicable); (4) If a patched version exists from code-projects, upgrade immediately—check project repository (GitHub/SourceForge) for version 1.1 or later patches; (5) Conduct database activity monitoring and enable query logging to detect injection attempts; (6) Conduct urgent security audit of all other PHP files for similar injection vulnerabilities; (7) As a temporary stopgap, disable or restrict access to /paymentportal.php until patching is complete.
More from same product – last 7 days
Authentication bypass in Discuz! X5.0 releases 20260320 through 20260501 allows unauthenticated remote attackers to acce
Authenticated remote code execution in Discuz! X5.0 releases 20260320 through 20260501 allows administrators to chain a
Unauthenticated PHP Object Injection in the Happyforms WordPress plugin (versions <= 1.26.13) allows remote attackers to
Unauthenticated PHP Object Injection in the Broadcast Live Video WordPress plugin (versions prior to 7.1.3) allows remot
Unauthenticated PHP object injection in the WordPress plugin 'Integration for Keap/Infusionsoft and Contact Form 7, WPFo
Share
External POC / Exploit Code
Leaving vuln.today