SQL Injection Vulnerability in Code-Projects Online Ordering System by Code-Projects
CVE-2025-8248

7.3HIGH

Key Information:

Vendor: Code-Projects
Status: Online Ordering System
Vendor: CVE Published:; 28 July 2025

🔔 Create Code-Projects Vulnerability Alert

What is CVE-2025-8248?

A SQL injection vulnerability has been identified in the Code-Projects Online Ordering System version 1.0, predominantly affecting the /signup.php file. By manipulating the 'firstname' argument, attackers can execute arbitrary SQL queries, potentially compromising the integrity and confidentiality of the database. This vulnerability can be exploited remotely, and while the 'firstname' parameter is specifically mentioned, other parameters may also be susceptible. Organizations using this system are urged to implement security measures to mitigate potential attacks.

References

https://code-projects.org/

https://github.com/xiajian-qx/cve-xiajian/issues/2

https://vuldb.com/?ctiid.317836

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025