### Key Information

#### Vulnerability Overview

- **CVE ID**: CVE-2025-61455
- **Disclosure Date**: October 13, 2025
- **Severity**: CRITICAL (CVSS v3.1: 9.8)

#### Affected Product

- **Vendor**: Independent (Bhavishtya-123)
- **Project**: E-commerce
- **Version**: v1.0
- **File**: signup.inc.php
- **Vulnerable Endpoint**: `http://localhost/e-commerce/main/includes/signup.inc.php`

#### Vulnerability Details

- The application directly uses unvalidated user input in SQL queries, specifically in the `email` parameter within the `signup.inc.php` file.
- Attackers can inject malicious SQL code via the `email` parameter, enabling a time-based blind SQL injection attack.

#### CWE Classification

- **CWE ID**: CWE-89 - SQL Injection

#### CVSS Score

- **Score**: 9.8
- **Severity**: CRITICAL
- **Vector String**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

#### Impact

- Successful exploitation may lead to:
  - Complete bypass of authentication
  - Unauthorized access to privileged functions
  - Data exposure
  - Data manipulation or deletion
  - Full compromise of the backend database
  - Potential for remote code execution

#### Proof of Concept (PoC)

1. Clone the repository: `git clone https://github.com/Bhavishtya-123/e-commerce.git`
2. Host locally: Deploy the project using XAMPP/LAMP and navigate to `http://localhost/e-commerce/main/includes/signup.inc.php`
3. Inject payload: Send a malicious HTTP POST request containing a time-delay SQL injection payload.

#### Recommended Mitigations

- Replace dynamic SQL queries with prepared statements
- Validate and sanitize all user inputs
- Deploy a Web Application Firewall (WAF) to block known SQL injection patterns
- Conduct regular code reviews and penetration testing
- Implement parameterized queries
- Use whitelisting for input validation where possible
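
One way to apply the prepared-statement and input-validation mitigations listed above to a signup handler (an added example, not the project's `signup.inc.php`). The `users` table, its columns, the function names and the in-memory SQLite database are assumptions chosen so the example runs offline; with MySQL only the PDO DSN changes.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: users(id, email, pwd_hash). Not taken from the project.
function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY,
        email TEXT UNIQUE NOT NULL,
        pwd_hash TEXT NOT NULL
    )');
    return $pdo;
}

function signup(PDO $pdo, string $email, string $password): bool
{
    // Allow-list validation: accept only a syntactically valid address.
    $email = trim($email);
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    // Vulnerable pattern (constructed for contrast): input concatenated into SQL text.
    //   $pdo->query("SELECT id FROM users WHERE email = '$email'");
    // Hardened: the value is bound as data and is never parsed as SQL.
    $check = $pdo->prepare('SELECT 1 FROM users WHERE email = :email');
    $check->execute([':email' => $email]);
    if ($check->fetchColumn() !== false) {
        return false; // address already registered
    }

    $insert = $pdo->prepare('INSERT INTO users (email, pwd_hash) VALUES (:email, :hash)');
    return $insert->execute([
        ':email' => $email,
        ':hash'  => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

// Constructed sample inputs.
$pdo = openDb();
var_dump(signup($pdo, 'alice@example.com', 'correct horse battery staple')); // new address
var_dump(signup($pdo, 'alice@example.com', 'another password'));            // same address again
var_dump(signup($pdo, "o'brien@example.com", 'pw-1234567890'));             // legal apostrophe in local part
var_dump(signup($pdo, "not-an-email' --", 'pw'));                           // not a valid address
```

Validation alone is not the control: an apostrophe is legal in an e-mail address, so the bound parameter is what keeps such a value from being interpreted as SQL.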