Skip to main content

CVE-2025-6777: SQL Injection in code-projects Food Distributor Site

Medium
VulnerabilityCVE-2025-6777cvecve-2025-6777
Published: Fri Jun 27 2025 (06/27/2025, 20:31:05 UTC)
Source: CVE Database V5
Vendor/Project: code-projects
Product: Food Distributor Site

Description

A vulnerability, which was classified as critical, has been found in code-projects Food Distributor Site 1.0. This issue affects some unknown processing of the file /admin/process_login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

AILast updated: 06/27/2025, 20:54:46 UTC

Technical Analysis

CVE-2025-6777 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Food Distributor Site, specifically within the /admin/process_login.php file. The vulnerability arises from improper handling of the username and password parameters, allowing an attacker to inject malicious SQL code. This injection can be performed remotely without requiring any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/AT:N/PR:N/UI:N). The vulnerability impacts the confidentiality, integrity, and availability of the underlying database, potentially allowing attackers to bypass authentication, extract sensitive data, modify or delete records, or even execute administrative commands on the database server. Although the CVSS score is 6.9 (medium severity), the vulnerability's characteristics—remote exploitability, no authentication required, and direct impact on login processing—make it a significant threat. No patches or mitigations have been publicly disclosed yet, and no known exploits are currently reported in the wild, but the public disclosure of the exploit details increases the risk of exploitation by attackers. The vulnerability affects only version 1.0 of the Food Distributor Site product, which is a web application used for managing food distribution operations. The lack of secure coding practices in input validation and parameterized queries in the login processing module is the root cause of this issue.

Potential Impact

For European organizations using the code-projects Food Distributor Site 1.0, this vulnerability poses a substantial risk. Exploitation can lead to unauthorized access to administrative functions, exposure of sensitive business and customer data, and potential disruption of food distribution operations. This can result in financial losses, reputational damage, and regulatory non-compliance, especially under GDPR requirements for protecting personal data. The ability to remotely exploit the vulnerability without authentication increases the attack surface, making it easier for threat actors to target organizations. If attackers gain control over the database, they could manipulate orders, inventory, or customer information, severely impacting supply chain integrity. Additionally, the disruption of critical food distribution services could have broader economic and social consequences. Given the critical nature of food supply chains, organizations in this sector must prioritize addressing this vulnerability to maintain operational continuity and data security.

Mitigation Recommendations

1. Immediate application of patches or updates from the vendor once available is essential. Since no patch links are currently provided, organizations should contact the vendor for guidance or consider upgrading to a newer, secure version if available. 2. Implement Web Application Firewall (WAF) rules to detect and block SQL injection patterns targeting the /admin/process_login.php endpoint, focusing on the username and password parameters. 3. Conduct a thorough code review and refactor the login processing code to use parameterized queries or prepared statements to prevent SQL injection. 4. Restrict access to the /admin directory by IP whitelisting or VPN-only access to reduce exposure. 5. Monitor logs for suspicious login attempts or unusual database queries that may indicate exploitation attempts. 6. Employ database-level protections such as least privilege principles for the database user accounts used by the application, limiting the potential damage of a successful injection. 7. Educate development and security teams on secure coding practices and conduct regular security assessments to identify similar vulnerabilities proactively.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-06-27T11:18:14.598Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 685f01806f40f0eb7266be79

Added to database: 6/27/2025, 8:39:28 PM

Last enriched: 6/27/2025, 8:54:46 PM

Last updated: 7/16/2025, 4:25:24 AM

Views: 19

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats