Cyber Posture

CVE-2025-2846

Severity: High · Public PoC

Published: 27 March 2025
Modified: 14 May 2025
KEV Added: not listed
Patch: none referenced
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0021 (42.6th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-2846 is a high-severity Injection (CWE-74) vulnerability in Oretnom23 Online Eyewear Shop. Its CVSS base score is 7.3 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 42.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 (prevent): requires validation and sanitization of all inputs, directly preventing SQL injection exploitation of the manipulable ID argument in the registration function.

SI-2 (prevent): mandates identification, reporting, and correction of system flaws, enabling timely patching of the SQL injection vulnerability in Users.php.

SC-7 (prevent, detect): implements boundary protection such as web application firewalls to block and detect SQL injection payloads targeting the vulnerable public endpoint.
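What SI-10 means in code for a handler of this shape, as an added illustration that is not the project's own Users.php: a hypothetical registration routine that splices the `id` parameter into the query text, followed by the same routine with the ID validated as an integer and every value bound through a prepared statement. The table and column names and the PDO connection details are placeholders.

```php
<?php
// Added example (hypothetical reconstruction of the pattern, not the vendor's code).

// Hypothetical helper: PDO connection; DSN and credentials are placeholders.
function db(): PDO {
    $pdo = new PDO('mysql:host=localhost;dbname=oews_db', 'DB_USER', 'DB_PASS');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // server-side prepares
    return $pdo;
}

// VULNERABLE pattern (CWE-89): request values are concatenated into the SQL text,
// so whatever arrives in `id` is parsed as SQL rather than treated as data.
function registration_vulnerable(PDO $pdo, array $post): void {
    $sql = "UPDATE users SET firstname = '{$post['firstname']}', email = '{$post['email']}' "
         . "WHERE id = '{$post['id']}'";
    $pdo->exec($sql);
}

// HARDENED pattern (SI-10 in practice): reject input that does not match the
// expected shape, then bind each value so the statement structure is fixed.
function registration_hardened(PDO $pdo, array $post): bool {
    // `id` must be a positive integer; anything else is rejected, not cleaned up.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    $email = filter_var($post['email'] ?? null, FILTER_VALIDATE_EMAIL);
    $firstname = trim((string)($post['firstname'] ?? ''));
    if ($id === false || $email === false || $firstname === '' || strlen($firstname) > 100) {
        return false; // caller should answer with HTTP 400 and log the rejected request
    }
    $stmt = $pdo->prepare(
        'UPDATE users SET firstname = :firstname, email = :email WHERE id = :id'
    );
    $stmt->bindValue(':firstname', $firstname, PDO::PARAM_STR);
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}
```

The validation step also gives SC-7 something concrete to alert on: a registration request whose `id` is not a positive integer is exactly the kind of malformed input a boundary device or application log should flag.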

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application [Initial Access]
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1213.006 Databases [Collection]
Adversaries may leverage databases to mine valuable information.

T1505 Server Software Component [Persistence]
Adversaries may abuse legitimate extensible development features of servers to establish persistent access to systems.

Why these techniques?

SQL injection in public-facing web application registration endpoint (Users.php?f=registration) enables exploitation of public-facing applications (T1190), abuse of server software components (T1505), and data collection from databases (T1213.006).

NVD Description

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects the function registration of the file /oews/classes/Users.php?f=registration of the component Registration. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Deeper analysis

CVE-2025-2846 is a critical SQL injection vulnerability in SourceCodester Online Eyewear Shop 1.0, affecting the registration function within the file /oews/classes/Users.php?f=registration of the Registration component. The issue arises from manipulation of the ID argument, classified under CWE-74 and CWE-89, with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). It was published on 2025-03-27.

The vulnerability can be exploited remotely by unauthenticated attackers with low complexity, requiring no privileges or user interaction. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling data extraction, modification, or disruption through SQL injection.

Advisories from VulDB (ctiid.301492, id.301492, submit.522326) document the issue, and a proof-of-concept exploit is publicly available on GitHub at jeajeaa/cve/blob/main/sql.md. The vendor site at sourcecodester.com provides context on the affected software, but no specific patches are detailed in the provided references.

The exploit has been disclosed to the public and may be used, increasing the risk for unpatched Online Eyewear Shop 1.0 deployments.

Details

CWE(s): CWE-74 (Injection), CWE-89 (SQL Injection)

Affected Products: oretnom23 online eyewear shop 1.0

CVEs Like This One

CVE-2025-3018 - Same product: Oretnom23 Online Eyewear Shop
CVE-2025-0173 - Same product: Oretnom23 Online Eyewear Shop
CVE-2026-3752 - Same vendor: Oretnom23
CVE-2025-2387 - Same vendor: Oretnom23
CVE-2026-3751 - Same vendor: Oretnom23
CVE-2025-2655 - Same vendor: Oretnom23
CVE-2025-2654 - Same vendor: Oretnom23
CVE-2026-2848 - Same vendor: Oretnom23
CVE-2026-3746 - Same vendor: Oretnom23
CVE-2026-3771 - Same vendor: Oretnom23

References