SourceCodester Bakeshop Online Ordering System passwordrecover.php sql injection_CVE-2025-9660

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in SourceCodester Bakeshop Online Ordering System 1.0. The impacted element is an unknown function of the file /passwordrecover.php. Performing manipulation of the argument phonenumber results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

Basic Information

ID CVE-2025-9660

Source VulDB

Published Aug 29, 2025 at 16:32

Modified Aug 29, 2025 at 16:59

Affected Product

Vendor SourceCodester

Product Bakeshop Online Ordering System

Version 1.0

Affected Versions SourceCodester Bakeshop Online Ordering System 1.0

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability was found in SourceCodester Bakeshop Online Ordering System 1.0. The impacted element is an unknown function of the file /passwordrecover.php. Performing manipulation of the argument phonenumber results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.",
    "published": "2025-08-29T16:32:06.943Z",
    "modified": "2025-08-29T16:59:21.843Z",
    "type": "cve",
    "title": "SourceCodester Bakeshop Online Ordering System passwordrecover.php sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.321868\nhttps://vuldb.com/?ctiid.321868\nhttps://vuldb.com/?submit.637236\nhttps://github.com/daimabiabia/cve/issues/1\nhttps://www.sourcecodester.com/",
    "id": "CVE-2025-9660",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "SourceCodester Bakeshop Online Ordering System 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Bakeshop Online Ordering System",
    "version": "1.0",
    "vendor": "SourceCodester",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}