# CVE-2025-7461: SQL Injection Vulnerability Analysis in Modern Bag E-commerce System
---
## Vulnerability Overview
**Vulnerability Database:**
[https://vuldb.com/?id.316112](https://vuldb.com/?id.316112)
**Project Source:**
[https://code-projects.org/modern-bag-in-php-css-javascript-and-mysql-free-download/](https://code-projects.org/modern-bag-in-php-css-javascript-and-mysql-free-download/)
| Item | Details |
|------|---------|
| **Product Name** | Modern Bag E-commerce System |
| **Version** | V1.0 |
| **Vulnerability Type** | SQL Injection (Boolean-based blind, Error-based, Time-based blind) |
| **Affected File** | `/action.php` |
| **Severity Level** | Medium |
| **CVSS 3.1 Score** | **6.9** |
## Detailed Vulnerability Analysis
### Vulnerability Location
**Primary Vulnerability Point:** Lines 272-289 in `action.php`
```php
// Vulnerable code
if (isset($_POST["addToProduct"])) {
    if (isset($_SESSION["uid"])) {
        $p_id = $_POST["proId"]; // Direct user input retrieval
        $user_id = $_SESSION["uid"];
        // Direct concatenation into SQL query without any filtering
        $sql = "SELECT * FROM cart WHERE p_id = '$p_id' AND user_id = '$user_id'";
        $run_query = mysqli_query($con, $sql);
        $count = mysqli_num_rows($run_query);
        // ... subsequent code
    }
}
```
### 🔬 Root Cause Analysis
#### **Lack of Input Validation**
```php
$p_id = $_POST["proId"];
```
The application directly accepts user input from the `proId` parameter without any validation or sanitization.
#### **String Concatenation for SQL Construction**
```php
$sql = "SELECT * FROM cart WHERE p_id = '$p_id' AND user_id = '$user_id'";
```
The SQL query is built by placing `$p_id` directly into the query string, so input that contains SQL syntax changes the structure of the statement instead of being treated as a value.
#### **Inadequate Error Handling**
```php
$run_query = mysqli_query($con, $sql)
    or die(mysqli_error($con)); // ❌ Direct exposure of database errors
```
Database errors are directly exposed to attackers, providing valuable information for exploitation.
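
A hardened form of the `addToProduct` lookup that addresses the three root causes above. This is an added example, not code from the project or an official fix; the function name `count_cart_rows`, the integer type of `p_id` and `user_id`, and the response messages are assumptions, and `$con` is the application's existing mysqli connection as in the original snippet.

```php
<?php
// Added example, not the project's code. Assumes $con is the application's
// existing mysqli connection and that cart.p_id / cart.user_id are integers
// (an assumption: the page does not show the schema).

// Make mysqli throw exceptions so failures can be logged server-side
// instead of being echoed with die(mysqli_error($con)).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Count cart rows for a product/user pair (hypothetical helper).
// Returns null when proId is not a positive integer.
function count_cart_rows(mysqli $con, $rawProId, $userId): ?int
{
    // 1. Input validation: accept only a positive integer.
    $pId = filter_var($rawProId, FILTER_VALIDATE_INT,
                      ["options" => ["min_range" => 1]]);
    if ($pId === false) {
        return null;
    }
    $userId = (int) $userId;

    // 2. Prepared statement: values are bound, never spliced into the SQL text.
    $stmt = $con->prepare("SELECT * FROM cart WHERE p_id = ? AND user_id = ?");
    $stmt->bind_param("ii", $pId, $userId);
    $stmt->execute();
    $stmt->store_result();
    $count = $stmt->num_rows;
    $stmt->close();
    return $count;
}

if (isset($_POST["addToProduct"]) && isset($_SESSION["uid"])) {
    try {
        $count = count_cart_rows($con, $_POST["proId"] ?? null, $_SESSION["uid"]);
        if ($count === null) {
            http_response_code(400);
            exit("Invalid product id.");
        }
        // ... subsequent code uses $count as before
    } catch (mysqli_sql_exception $e) {
        // 3. Error handling: details go to the server log only.
        error_log("cart lookup failed: " . $e->getMessage());
        http_response_code(500);
        exit("Something went wrong.");
    }
}
```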
---
**Report Prepared:** 2025
**Vulnerability ID:** CVE-2025-7461
**Severity:** Medium (CVSS 3.1: 6.9)
**Status:** Disclosed