CVE-2025-1192
Published: 12 February 2025
Description
Adversaries may leverage databases to mine valuable information.
Security Summary
CVE-2025-1192 is a SQL injection vulnerability affecting SourceCodester Multi Restaurant Table Reservation System 1.0. The issue resides in an unknown function within the file select-menu.php, where manipulation of the "table" argument enables SQL injection. Published on 2025-02-12, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and is associated with CWE-74 and CWE-89.
The vulnerability can be exploited remotely by a low-privileged user (PR:L) over the network (AV:N) with low attack complexity (AC:L) and requires no user interaction (UI:N). Successful exploitation has limited impact on confidentiality, integrity, and availability (C:L/I:L/A:L), potentially enabling unauthorized data access, modification, or disruption within the application's database.
Advisories from VulDB (ctiid.295098, id.295098, submit.496730) confirm the remote attack vector and the public disclosure of the exploit. A proof-of-concept is detailed in a GitHub-hosted PDF analyzing the select-menu.php SQL injection. The vendor site at sourcecodester.com provides the affected software, but no specific patch or mitigation guidance is referenced in the available advisories.
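Since no vendor fix is referenced, the following is an added illustration of the CWE-89 pattern behind this finding and its hardened form. It is not the project's code: the real select-menu.php handler is not shown in the advisory, and the table name `tbl_menu`, the columns, and the assumption that "table" is a numeric restaurant-table id are all constructed for the example.

```php
<?php
// Illustrative reconstruction of the CWE-89 pattern described for select-menu.php.
// NOT the project's code; schema names and the integer "table" id are assumptions.
// Connection values are placeholders.

$pdo = new PDO(
    'mysql:host=127.0.0.1;dbname=PLACEHOLDER_DB;charset=utf8mb4',
    'PLACEHOLDER_USER',
    'PLACEHOLDER_PASSWORD',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares, not client-side escaping
    ]
);

// Vulnerable pattern (the shape of a CWE-89 finding in a request parameter):
// the value is spliced straight into the SQL text, so quote-breaking input
// rewrites the statement instead of being treated as data.
//
//   $sql  = "SELECT * FROM tbl_menu WHERE table_id = '" . $_GET['table'] . "'";
//   $rows = $pdo->query($sql)->fetchAll();

// Hardened replacement: validate the type first, then bind the value.
function selectMenuForTable(PDO $pdo, array $query): array
{
    // Reject anything that is not a positive integer before it reaches the DB layer.
    $tableId = filter_var($query['table'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($tableId === false) {
        http_response_code(400);
        return [];
    }

    // The placeholder is sent separately from the statement text; the driver
    // can only ever treat the bound value as data, never as SQL.
    $stmt = $pdo->prepare(
        'SELECT menu_id, name, price FROM tbl_menu WHERE table_id = :table_id'
    );
    $stmt->execute([':table_id' => $tableId]);

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$rows = selectMenuForTable($pdo, $_GET);
```

If the real parameter names a SQL identifier (a table or column) rather than a value, binding is not available and the only safe approach is to map the input against a fixed allowlist of identifiers.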
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection in public-facing web application (select-menu.php) enables exploitation of public-facing application (T1190) and data collection from databases (T1213.006).