What is CVE-2025-1192?

A medium-severity SQL injection vulnerability exists in the SourceCodester Multi Restaurant Table Reservation System. Organizations using this system should prioritize patching to mitigate potential exploits.

What is the severity of CVE-2025-1192?

CVE-2025-1192 has a severity rating of MEDIUM with a CVSS base score of 5.3.

CVE-2025-1192 | Medium Vulnerability in Janobe Multi Restaurant Table Reservation System

A vulnerability was found in SourceCodester Multi Restaurant Table Reservation System 1.0. It has been classified as critical. Affected is an unknown function of the file select-menu.php. The manipulation of the argument table leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Risk to organizations includes unauthorized access to sensitive data and potential system compromise.

The CVSS score of this vulnerability is 5.3, indicating a medium severity level. Organizations using this system should address it in their priority patch cycle to prevent exploitation. The attack vector is network-based, with low complexity, requiring low privileges and no user interaction.

Given the nature of the vulnerability and its potential impact, organizations should prioritize patching immediately.

The vulnerability has been assigned identifiers: CWE-74 and CWE-89, relating to improper neutralization of special elements used in an SQL command.

Vulnerability Details

This vulnerability allows an attacker to exploit SQL injection through the select-menu.php file in the SourceCodester Multi Restaurant Table Reservation System. The attack can be executed remotely and does not require high privileges or user interaction.

The CVSS v3.1 score for this vulnerability is 8.8, indicating a high severity, which reflects the potential for significant impact on confidentiality, integrity, and availability of the system.

Technical Analysis

The root cause of this vulnerability lies in improper input validation, allowing an attacker to manipulate SQL queries executed by the application. The attack vector is through network access, and it has low attack complexity. Privileges required are low, meaning that an attacker does not need special permissions to exploit this vulnerability.

User interaction is not required, making this vulnerability particularly dangerous. The impact on confidentiality, integrity, and availability is classified as low, but the potential for exploitation remains high given the public disclosure of the exploit.

Risk & Impact Analysis

Risk to organizations includes unauthorized access to sensitive data, potential data corruption, and compromised system integrity. This vulnerability can have a significant blast radius, affecting all installations of the affected product. Organizations should assess their exposure and prioritize remediation based on the CVSS score of 8.8.

Organizations should address this vulnerability in their priority patch cycle, especially considering the public disclosure of the exploit. Implementing robust input validation and regular security assessments can help mitigate similar risks in the future.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions include all versions of the SourceCodester Multi Restaurant Table Reservation System 1.0 prior to vendor patch.

Mitigation & Remediation

Organizations should implement the following recommendations to mitigate this vulnerability: apply the latest patches, enhance input validation, and conduct regular security assessments. For more information on security testing practices, organizations can refer to penetration testing to identify and remediate vulnerabilities.

Detection Guidance

Monitoring for unusual database queries or errors in application logs can help detect potential exploitation attempts. Additionally, organizations should look for behavioral anomalies in user interactions with the application.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its potential to expose sensitive information and disrupt services. Security teams should recognize the trend of SQL injection vulnerabilities and implement comprehensive security measures.

Organizations are encouraged to enhance their application security frameworks and conduct regular security assessments to safeguard against such vulnerabilities. For more insights, refer to the following resources: penetration testing methodology, vulnerability management program design, and API penetration testing best practices to strengthen defenses.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-1192: Medium Vulnerability in Janobe Multi Restaurant Table Reservation System