What is CVE-2025-0204?

A critical SQL injection vulnerability exists in Code-Projects Online Shoe Store 1.0. Remote attackers can exploit this flaw, leading to potential data breaches. Immediate action is required to mitigate risks.

What is the severity of CVE-2025-0204?

CVE-2025-0204 has a severity rating of MEDIUM with a CVSS base score of 5.3.

CVE-2025-0204 | Medium Vulnerability in Code-Projects Online Shoe Store

A vulnerability was found in code-projects Online Shoe Store 1.0. This vulnerability allows the manipulation of the argument id in the file /details.php, leading to SQL injection. The attack may be initiated remotely, which increases the potential risk to organizations. The exploit for this vulnerability has been disclosed to the public and can be leveraged by attackers.

Rated as critical, this vulnerability poses a significant threat, particularly considering its low complexity. Organizations utilizing this software must understand the urgency to address it to prevent potential data breaches or unauthorized access.

The CVSS score of 5.3 indicates a medium severity level, but it is essential to recognize the critical nature of SQL injection vulnerabilities. Due to the nature of the threat, organizations should prioritize patching immediately.

Given the potential for exploitation, organizations are encouraged to actively monitor their systems and apply necessary updates. Failure to do so could lead to severe repercussions, including data loss and reputational damage.

Vulnerability Details

This vulnerability affects the Code-Projects Online Shoe Store version 1.0. Officially, it has been classified under CWE-89 (SQL Injection), indicating the vulnerability type. The CVSS version 3.1 has given it a score of 9.8, marking it as critical due to its potential impact on confidentiality, integrity, and availability.

The vulnerability was published on January 4, 2025, and has been analyzed thoroughly. The specific CWE classifications further underscore the nature of the threat posed by SQL injection vulnerabilities.

Technical Analysis

The root cause of this vulnerability stems from insufficient input validation in the processing of the id parameter within the /details.php file. Attackers can exploit this weakness through a network-based attack due to the low privileges required for exploitation.

The attack complexity is low, as no user interaction is needed, making this vulnerability particularly dangerous. The confidentiality, integrity, and availability impacts are all rated low, but the potential for remote exploitation necessitates immediate attention.

Risk & Impact Analysis

Risk to organizations includes unauthorized access to sensitive data and potential data breaches that could stem from successful exploitation of this vulnerability. The blast radius is considerable, considering the nature of SQL injection attacks.

Given the CVSS score and the potential for remote exploitation, organizations should address this vulnerability in their priority patch cycle. Delays in remediation could lead to significant operational and reputational damage.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected product is Code-Projects Online Shoe Store version 1.0. All versions prior to vendor patch are vulnerable to this SQL injection attack.

Mitigation & Remediation

Organizations should prioritize patching immediately. To mitigate this vulnerability, updating to the latest version of the Online Shoe Store is essential. If a patch is unavailable, consider implementing input validation and sanitization measures to protect against SQL injection.

For further information on security measures, organizations can consult the application security assessment to enhance their security posture.

Detection Guidance

Monitoring logs for unusual access patterns, especially related to the /details.php file, is crucial. Organizations should look for any unexpected or unauthorized SQL queries in their logs as indicators of potential exploitation. Additionally, behavioral anomalies in user access should be flagged for further investigation.

AppSecure Threat Intelligence Insight

This vulnerability highlights the ongoing challenges of SQL injection attacks in web applications. Security teams must remain vigilant and continuously assess their systems for vulnerabilities.

To further enhance security, organizations should consider adopting web application penetration testing practices to identify and remediate such vulnerabilities proactively.

In summary, addressing vulnerabilities such as CVE-2025-0204 is crucial for maintaining security in web applications. Continuous monitoring and proactive security testing are essential strategies to mitigate risks.

Organizations should also engage in regular training and awareness programs to ensure that all team members understand the importance of security and are equipped to handle potential threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-0204: Medium Vulnerability in Code-Projects Online Shoe Store