CVE-2025-8018

MEDIUM

Food Ordering Review System 1.0 - SQL Injection via reg_Id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-8018. PoCs published by drackyjr.

AI-analyzed exploit summary This repository contains a functional Python exploit for CVE-2025-8018, demonstrating SQL injection in Food Ordering Review System v1.0 via the `reg_Id` parameter. The exploit includes time-based blind SQLi checks, column-count discovery, and data extraction techniques.

Description

A vulnerability was found in code-projects Food Ordering Review System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user/reservation_page.php. The manipulation of the argument reg_Id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Exploits (1)

nomisec WORKING POC 2 stars

by drackyjr · poc

https://github.com/drackyjr/CVE-2025-8018

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2025-8018, demonstrating SQL injection in Food Ordering Review System v1.0 via the `reg_Id` parameter. The exploit includes time-based blind SQLi checks, column-count discovery, and data extraction techniques.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Food Ordering Review System v1.0

No auth needed

Prerequisites: Python 3.x · requests library · access to vulnerable endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.317221

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.317221

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.619379

Exploit, Issue Tracking, Third Party Advisory exploit issue-tracking

https://github.com/i-Corner/cve/issues/10

Product product

https://code-projects.org/

Scores

CVSS v3 6.3

EPSS 0.0034

EPSS Percentile 25.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

carmelo/food_ordering_review_system 1.0

Published Jul 22, 2025

Tracked Since Feb 18, 2026