CVE-2025-13582: SQL Injection in code-projects Jonnys Liquor
A security flaw has been discovered in code-projects Jonnys Liquor 1.0. An unknown function in the file /detail.php of the component GET Parameter Handler is affected. Manipulation of the argument Product results in SQL injection. The attack can be launched remotely. The exploit has been released to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-13582 identifies a SQL injection vulnerability in the code-projects Jonnys Liquor 1.0 application, specifically within the /detail.php component that handles GET parameters. The vulnerability arises from improper sanitization of the 'Product' parameter, allowing an attacker to inject malicious SQL code remotely without requiring authentication or user interaction. This can lead to unauthorized data access, modification, or deletion within the backend database. The vulnerability is exploitable over the network with low attack complexity and no privileges required, as indicated by the CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N). The impact on confidentiality, integrity, and availability is limited but significant enough to warrant concern, as attackers could extract sensitive information or corrupt data. Although no active exploits have been observed in the wild, the public availability of an exploit increases the likelihood of attacks. The lack of patches at the time of disclosure necessitates immediate mitigation through secure coding practices such as input validation and the use of parameterized queries. Organizations relying on this software should prioritize vulnerability assessment and remediation to prevent potential breaches.
Potential Impact
For European organizations, this vulnerability poses a risk of unauthorized access to sensitive customer and business data stored in the Jonnys Liquor application database. Exploitation could lead to data leakage, loss of data integrity, or disruption of service availability, impacting business operations and customer trust. Retailers and e-commerce platforms using this software may face regulatory repercussions under GDPR if personal data is compromised. The medium severity score reflects a moderate but tangible threat, especially given the remote and unauthenticated nature of the exploit. The public release of an exploit increases the urgency for European entities to address this vulnerability promptly. Additionally, the potential for data manipulation could affect inventory management and sales reporting, leading to financial losses and reputational damage.
Mitigation Recommendations
1. Immediately audit all instances of code-projects Jonnys Liquor 1.0 for the presence of the vulnerable /detail.php component.
2. Implement strict input validation and sanitization on the 'Product' GET parameter to reject or neutralize malicious input.
3. Refactor database queries to use parameterized statements or prepared queries to prevent SQL injection.
4. Monitor network traffic and application logs for unusual or suspicious requests targeting the 'Product' parameter.
5. Restrict access to the affected application components via web application firewalls (WAFs) with custom rules blocking SQL injection patterns.
6. Engage with the vendor or community to obtain patches or updates addressing this vulnerability and apply them as soon as available.
7. Conduct regular security assessments and penetration testing focusing on injection flaws.
8. Educate developers and administrators on secure coding and configuration practices to prevent similar vulnerabilities.
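As an added illustration of recommendations 2 and 3 above (this is not the Jonnys Liquor project's code, whose source is not shown on this page), here is a hardened PHP handler for the /detail.php 'Product' GET parameter. The table and column names, the treatment of Product as a short textual identifier, and the database credentials are assumptions.

```php
<?php
// Added example, not the project's own code: hardened handling of the
// 'Product' GET parameter. Schema names and credentials are placeholders.
declare(strict_types=1);

// Assumption: Product is a short product identifier. Reject anything that
// is not a bounded, printable identifier before it reaches the database.
function validateProductParam(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    // Letters, digits, space, dash, underscore and dot; at most 64 chars.
    if (!preg_match('/^[A-Za-z0-9 _.\-]{1,64}$/', $raw)) {
        return null;
    }
    return $raw;
}

// Unsafe pattern the advisory describes (raw input spliced into SQL text):
//   $sql = "SELECT * FROM products WHERE name = '" . $_GET['Product'] . "'";
// Hardened pattern: the value is bound as data by a prepared statement, so
// it can never change the structure of the query.
function fetchProduct(mysqli $db, string $product): ?array
{
    $stmt = $db->prepare('SELECT id, name, price FROM products WHERE name = ?');
    $stmt->bind_param('s', $product);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

$product = validateProductParam($_GET['Product'] ?? null);
if ($product === null) {
    http_response_code(400);
    exit('Invalid product parameter');
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// Placeholder credentials; load real ones from configuration, not source.
$db = new mysqli('localhost', 'app_user', 'app_password', 'liquor_db');
$row = fetchProduct($db, $product);
if ($row === null) {
    http_response_code(404);
    exit('Product not found');
}
// Escape on output as well; this addresses XSS, a separate class from SQLi.
echo 'Product: ' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
```

Validation alone is not the fix; the prepared statement is what removes the injection, and the validation only narrows what reaches it and gives a clean 400 to log and alert on (recommendation 4).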
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-11-23T09:47:30.949Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6923e5eb1e6a877a1a577011
Added to database: 11/24/2025, 4:58:19 AM
Last enriched: 12/1/2025, 5:19:10 AM
Last updated: 1/8/2026, 6:01:16 PM