CVE-2025-2672
Published: 23 March 2025
Summary
CVE-2025-2672 is a medium-severity Injection (CWE-74) vulnerability in Fabian Payroll Management System. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents SQL injection by requiring validation of untrusted inputs like the 'bir' argument in /add_deductions.php.
Mitigates the vulnerability through timely identification, reporting, and correction of the SQL injection flaw in the Payroll Management System.
Enables detection of the SQL injection vulnerability via regular scanning of the application, facilitating remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in public-facing web app (/add_deductions.php) enables exploitation of public-facing applications (T1190) and data collection from databases via unrestricted query manipulation (T1213.006).
NVD Description
A vulnerability was found in code-projects Payroll Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add_deductions.php. The manipulation of the argument bir leads to sql injection. The attack may be…
more
initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Deeper analysisAI
CVE-2025-2672 is a SQL injection vulnerability in code-projects Payroll Management System 1.0, affecting unknown processing in the /add_deductions.php file. The issue stems from manipulation of the "bir" argument, with other parameters potentially affected as well. Rated as critical with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), it maps to CWE-74 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-89 (SQL Injection). The vulnerability was published on 2025-03-23T23:15:13.847.
A remote attacker with low privileges (PR:L) can exploit this over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation enables SQL injection, resulting in low impacts to confidentiality, integrity, and availability (C:L/I:L/A:L) within the unchanged scope (S:U).
Advisories referenced on VulDB (e.g., https://vuldb.com/?ctiid.300689, https://vuldb.com/?id.300689) and a GitHub disclosure (https://github.com/FoLaJJ/cve/blob/main/sqlcve.md) detail the issue, along with the project site (https://code-projects.org/). The exploit has been publicly disclosed and may be used, with no specific patches or mitigations mentioned in the available descriptions.
Details
- CWE(s)