CVE-2025-8018

MEDIUM

Carmelo Food Ordering Review System - Injection

Title source: rule

Description

A vulnerability was found in code-projects Food Ordering Review System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user/reservation_page.php. The manipulation of the argument reg_Id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Exploits (1)

nomisec WORKING POC 2 stars

by drackyjr · poc

https://github.com/drackyjr/CVE-2025-8018

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.317221

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.317221

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.619379

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/i-Corner/cve/issues/10

[Product] https://code-projects.org/

Scores

CVSS v3 6.3

EPSS 0.0002

EPSS Percentile 5.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

carmelo/food_ordering_review_system 1.0

Published Jul 22, 2025

Tracked Since Feb 18, 2026