Cyber Posture

CVE-2025-22976

High

Published: 15 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0006 (19.0th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-22976 is a high-severity SQL Injection (CWE-89) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 19.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly requires validating the shopId input parameter for correctness and malicious content to prevent SQL injection exploitation.

prevent

Mandates timely identification, reporting, and correction of the SQL injection flaw in checkOrder.php to eliminate the vulnerability.

prevent

Enforces restrictions on shopId inputs such as type, length, and format to block malformed SQL payloads before processing.
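
One way to apply the input-validation and query-hardening controls described above to a shopId parameter, as an added example rather than code from dingfanzuCMS or the referenced advisory. The orders table, its columns, and the function names are assumptions, and the in-memory SQLite database is constructed so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the application's database: the table and column
// names below are assumptions, not taken from dingfanzuCMS.
function demoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, shop_id INTEGER, status TEXT)');
    $db->exec("INSERT INTO orders (shop_id, status) VALUES (12, 'paid'), (12, 'new'), (40, 'paid')");
    return $db;
}

// Type, length and format check: shopId must be 1 to 9 ASCII digits with no
// leading zero. Returns the integer value, or null when the input is rejected.
function parseShopId(mixed $raw): ?int
{
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// The value is bound as a typed parameter and never concatenated into the SQL
// text, so the query structure stays fixed even if validation is later relaxed.
function ordersForShop(PDO $db, mixed $rawShopId): ?array
{
    $shopId = parseShopId($rawShopId);
    if ($shopId === null) {
        return null; // caller should answer with HTTP 400 and log the rejection
    }
    $stmt = $db->prepare('SELECT id, status FROM orders WHERE shop_id = :shop_id ORDER BY id');
    $stmt->bindValue(':shop_id', $shopId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: well-formed ids and several malformed values.
$db = demoDb();
foreach (['12', '40', '012', '12 ', '12abc', '', '99999999999', ['12']] as $input) {
    $rows = ordersForShop($db, $input);
    printf("%-14s => %s\n", json_encode($input), $rows === null ? 'rejected' : count($rows) . ' row(s)');
}
```

The script needs PHP 8.0 or later with the pdo_sqlite extension. Rejected inputs are worth logging, since repeated malformed shopId values against one endpoint are a useful detection signal.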

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The SQL injection vulnerability allows a local, low-privileged attacker to inject payloads leading to arbitrary code execution and high integrity impact, directly enabling exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attacker to execute arbitrary code via not filtering the content correctly at the "checkOrder.php" shopId module.

Deeper analysis (AI)

CVE-2025-22976 is a SQL injection vulnerability (CWE-89) in dingfanzuCMS version 1.0, specifically affecting the shopId parameter in the checkOrder.php module due to inadequate input filtering. This flaw enables a local attacker with low privileges to inject malicious SQL payloads, potentially leading to arbitrary code execution. The vulnerability received a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), indicating high confidentiality and integrity impacts without affecting availability.

A local attacker who has obtained low-privilege access to the system can exploit this vulnerability by crafting and submitting a malicious shopId value to the checkOrder.php endpoint. Successful exploitation allows the attacker to execute arbitrary SQL queries, which could result in data exfiltration, modification of database contents, or escalation to arbitrary code execution on the underlying server.

For mitigation details, refer to the advisory at https://github.com/xiaosguang/cve/blob/main/dingfanzu/dingfanzu-CMS%20checkOrder.php%20shopId%20SQL-inject.md, published alongside the CVE on 2025-01-15.

Details

CWE(s)

CVEs Like This One

CVE-2025-47954 (shared CWE-89)
CVE-2025-48650 (shared CWE-89)
CVE-2025-61943 (shared CWE-89)
CVE-2025-66678 (shared CWE-89)
CVE-2026-33288 (shared CWE-89)
CVE-2025-59499 (shared CWE-89)
CVE-2026-26116 (shared CWE-89)
CVE-2025-49759 (shared CWE-89)
CVE-2025-53727 (shared CWE-89)
CVE-2025-26200 (shared CWE-89)
