
CVE-2025-7196: SQL Injection in code-projects Jonnys Liquor

Medium
Tags: Vulnerability, CVE, CVE-2025-7196
Published: Tue Jul 08 2025 (07/08/2025, 21:02:06 UTC)
Source: CVE Database V5
Vendor/Project: code-projects
Product: Jonnys Liquor

Description

A vulnerability was found in code-projects Jonnys Liquor 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /browse.php. The manipulation of the argument Search leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

AI analysis last updated: 07/15/2025, 21:51:46 UTC

Technical Analysis

CVE-2025-7196 is a SQL Injection vulnerability identified in version 1.0 of the web application 'Jonnys Liquor' developed by code-projects. The vulnerability exists in the /browse.php file, specifically in the handling of the 'Search' parameter. Improper sanitization or validation of this input allows an attacker to inject malicious SQL code, which can be executed by the backend database. This flaw can be exploited remotely without requiring authentication or user interaction, making it accessible to any attacker with network access to the application. The vulnerability has been publicly disclosed, increasing the risk of exploitation, although no known exploits have been observed in the wild yet. The CVSS 4.0 base score is 6.9, indicating a medium severity level. The vector details highlight that the attack vector is network-based (AV:N), with low complexity (AC:L), no privileges or user interaction needed (PR:N/UI:N), and partial impacts on confidentiality, integrity, and availability (VC:L/VI:L/VA:L). The scope remains unchanged (S:N). The vulnerability allows attackers to potentially read, modify, or delete sensitive data stored in the backend database, which could lead to data breaches, unauthorized data manipulation, or denial of service conditions depending on the database and application logic. The lack of available patches or mitigations at the time of disclosure increases the urgency for affected organizations to implement compensating controls.
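The defect described above and its fix, as an added example that is not the Jonnys Liquor code (the application's source is not on this page): Python with an in-memory SQLite table stands in for the PHP/MySQL stack, and the table and column names are assumptions. The concatenating version shows how a single apostrophe in the Search value becomes part of the SQL text; the bound-parameter version treats it as data and also escapes LIKE wildcards so a search for "%" cannot widen the match.

```python
import sqlite3


def make_db():
    """Constructed in-memory catalogue; schema is an assumption, not the app's real table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    db.executemany("INSERT INTO products (name, price) VALUES (?, ?)",
                   [("Jameson", 29.9), ("O'Reilly Stout", 4.5), ("Riesling", 12.0)])
    return db


def search_vulnerable(db, search):
    """Concatenated query: the Search value is spliced into the SQL text,
    so any quote in it changes the statement the database parses."""
    sql = "SELECT name FROM products WHERE name LIKE '%" + search + "%'"
    return [row[0] for row in db.execute(sql)]


def search_hardened(db, search):
    """Parameterized query: the value is bound as data and never parsed as SQL.
    LIKE metacharacters are escaped too, since binding alone does not stop
    '%' or '_' in user input from acting as wildcards."""
    pattern = "%" + (search.replace("\\", "\\\\")
                          .replace("%", "\\%")
                          .replace("_", "\\_")) + "%"
    sql = "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\'"
    return [row[0] for row in db.execute(sql, (pattern,))]


def compare(search):
    """Run both variants on the same input; the vulnerable one may raise
    a database error, which is reported as a string instead of crashing."""
    db = make_db()
    try:
        vulnerable = search_vulnerable(db, search)
    except sqlite3.Error as exc:
        vulnerable = f"SQL error: {exc}"
    return vulnerable, search_hardened(db, search)
```

A search for the legitimate name O'Reilly makes the concatenated query a syntax error, which is the same parsing behaviour an injected quote relies on; the bound version returns the matching product.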

Potential Impact

For European organizations using Jonnys Liquor 1.0, this vulnerability poses a significant risk to the confidentiality, integrity, and availability of their data. Exploitation could lead to unauthorized access to sensitive customer information, financial records, or inventory data, potentially violating GDPR requirements and resulting in regulatory penalties. The ability to remotely exploit the vulnerability without authentication increases the attack surface, making it easier for threat actors to target these organizations. Additionally, data manipulation or deletion could disrupt business operations, leading to financial losses and reputational damage. Given the public disclosure and absence of known exploits in the wild, there is a window of opportunity for attackers to develop and deploy exploit code, which European organizations must proactively address. The impact is particularly critical for businesses in retail, hospitality, or distribution sectors that rely on Jonnys Liquor for e-commerce or inventory management, as disruption or data compromise could have cascading effects on supply chains and customer trust.

Mitigation Recommendations

Since no official patches are currently available, European organizations should implement immediate compensating controls. These include:

1) Applying Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the 'Search' parameter in /browse.php;
2) Conducting thorough input validation and sanitization on all user-supplied data, especially the 'Search' parameter, using parameterized queries or prepared statements if source code access is possible;
3) Restricting database user privileges to the minimum necessary to limit the impact of a successful injection;
4) Monitoring application logs and database queries for unusual or suspicious activity indicative of SQL injection attempts;
5) Isolating the affected application from critical internal networks to reduce lateral movement risk;
6) Planning for an urgent update or patch deployment once the vendor releases a fix; and
7) Educating development and security teams about secure coding practices to prevent similar vulnerabilities in future versions.
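Recommendations 1 and 4 in practice, as an added example that is not from the page or the vendor: a small scanner over constructed Apache-style access-log lines that isolates the Search parameter of /browse.php requests, decodes it, and scores it against SQL-shaped indicators. A single quote on its own is not alerted (product names contain apostrophes), but a quote combined with comment markers, keywords or operators is. The log lines, IP addresses and threshold are all sample values.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log (not taken from the page): one benign search, one
# SQL-shaped probe, one legitimate name with an apostrophe, one unrelated page.
SAMPLE_LOG = """\
203.0.113.7 - - [08/Jul/2025:21:10:01 +0000] "GET /browse.php?Search=whiskey HTTP/1.1" 200 5120
203.0.113.7 - - [08/Jul/2025:21:10:05 +0000] "GET /browse.php?Search=%27%20OR%201%3D1--%20 HTTP/1.1" 200 98304
198.51.100.9 - - [08/Jul/2025:21:10:09 +0000] "GET /browse.php?Search=O%27Reilly HTTP/1.1" 500 312
198.51.100.9 - - [08/Jul/2025:21:11:20 +0000] "GET /index.php HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators that a Search value is shaped like SQL rather than a product name.
INDICATORS = [
    ("quote", re.compile(r"['\"]")),
    ("comment", re.compile(r"--|/\*|#")),
    ("keyword", re.compile(r"\b(union|select|or|and|sleep|benchmark)\b", re.I)),
    ("operator", re.compile(r"[=;]")),
]


def score_search(value):
    """Names of the indicators present in one decoded Search value."""
    return [name for name, rx in INDICATORS if rx.search(value)]


def scan_log(text, threshold=2):
    """Return one alert per /browse.php request whose Search value trips
    at least `threshold` indicators; parse_qs handles percent-decoding."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["url"])
        if parts.path != "/browse.php":
            continue
        for value in parse_qs(parts.query).get("Search", []):
            hits = score_search(value)
            if len(hits) >= threshold:
                alerts.append({"ip": m["ip"], "status": m["status"],
                               "search": value, "hits": hits})
    return alerts
```

The HTTP 500 on the apostrophe request is worth a second rule of its own: server errors correlated with quotes in Search are the signature of string-concatenated queries, and they appear in the log before any injection succeeds.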


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-07-07T08:45:40.405Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 686d8d0e6f40f0eb72fba028

Added to database: 7/8/2025, 9:26:38 PM

Last enriched: 7/15/2025, 9:51:46 PM

Last updated: 8/15/2025, 12:53:27 AM

Views: 28
