CVE-2025-6907

HIGH

Car Rental System 1.0 - SQL Injection via fname Parameter in book_car.php


Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-6907. PoCs published by byteReaper77.

AI-analyzed exploit summary

This repository contains a functional C-based SQL Injection exploit for CVE-2025-6907, targeting the CODE_PROJECT service. The exploit includes advanced features such as automated payload enumeration, environment checks, and verbose logging, with dependencies on libcurl and argparse.

Description

A vulnerability classified as critical was found in code-projects Car Rental System 1.0. It affects unknown code in the file /book_car.php: manipulation of the fname argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec · Working PoC · 1 star
by byteReaper77 · poc
https://github.com/byteReaper77/cve-2025-6907


Classification
Working PoC (95%)
Attack Type
SQLi
Complexity
Moderate
Reliability
Reliable
Target: CODE_PROJECT (version unspecified)
No auth needed
Prerequisites: Linux x86_64 environment · gcc and make · libcurl development headers · argparse.h
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References

Third Party Advisory, VDB Entry (vdb-entry, technical-description)
https://vuldb.com/?id.314398

Permissions Required, VDB Entry (signature, permissions-required)
https://vuldb.com/?ctiid.314398

Third Party Advisory, VDB Entry (third-party-advisory)
https://vuldb.com/?submit.606158

Exploit, Issue Tracking, Third Party Advisory (exploit, issue-tracking)
https://github.com/zzb1388/cve/issues/13

Product (product)
https://code-projects.org/

Scores

CVSS v3 7.3
EPSS 0.0040
EPSS Percentile 31.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-74, CWE-89
Status published
Products (1)
anisha/car_rental_system 1.0
Published Jun 30, 2025
Tracked Since Feb 18, 2026