CVE Alert: CVE-2025-12307 - code-projects - Nero Social Networking Site

CVE-2025-12307

HIGHNo exploitation knownPoC observed

A vulnerability was identified in code-projects Nero Social Networking Site 1.0. Affected by this vulnerability is an unknown functionality of the file /addfriend.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

CVSS v3.1 (7.3)

Vendor

code-projects

Product

Nero Social Networking Site

Versions

1.0

CWE

CWE-89, SQL Injection

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Published

2025-10-27T19:02:05.517Z

Updated

2025-10-27T20:37:54.245Z

References

https://vuldb.com/?id.329979

https://vuldb.com/?ctiid.329979

https://vuldb.com/?submit.676808

https://github.com/yuan466/CVE/blob/main/two/report.md

https://code-projects.org/

AI Summary Analysis

Risk verdict

Urgent: remote SQL injection with a publicly available PoC makes data exposure and site disruption plausible; high-priority remediation required.

Why this matters

The vulnerability enables unauthenticated remote access to the backend database via /addfriend.php, risking data leakage, integrity loss, or manipulation of user relationships. If the DB is compromised, attackers could escalate further or pivot to other systems, with potential regulatory and reputational consequences for the organisation.

Most likely attack path

An attacker records a crafted ID parameter in a network request to addfriend.php, triggering a SQL injection due to insufficient input handling. With AV:N, PR:N, UI:N, and AC:L, no user interaction or authentication is needed, enabling automatic exploitation over the network. The attack can lead to data disclosure or modification, and may enable broader exploitation if the database or app logic is poorly isolated; the UI and scope remain unchanged unless additional flaws are present.

Who is most exposed

Public, PHP/MySQL-based Nero Social Networking Site deployments are at greatest risk, especially those hosted on shared or loosely segmented environments with minimal input validation around user-generated actions.

Detection ideas

Web server logs show unusual, crafted ID values targeting addfriend.php
DB logs reveal anomalous or malformed SQL queries from web app users
Spikes of errors or unusual data access patterns around the addfriend.php endpoint
IDS/IPS alerts for classic SQLi payloads or unusual UNION/SELECT constructs
Unexpected changes in friendships or user records correlating with unusual activity

Mitigation and prioritisation

Apply available patch or upgrade to fixed version; implement parameterised queries and prepared statements
Implement input validation and proper ORM/DB access controls; disable or tightly restrict addfriend functionality if feasible
Deploy WAF rules to block SQL injection patterns; tighten DB user privileges (least privilege)
Review and harden server configs, error handling, and logging to reduce information leakage
Change-management: schedule emergency patch/test in staging, monitor post-deployment for anomalous activity
Given the public PoC, treat as high-priority; coordinate with SOC for early detection and response.

Support Our Work

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.

AI APIs OSINT driven New features

Buy Me A Coffee Patreon

Tags: code-projects, CVE, cve-2025-12307, nero-social-networking-site, OSINT, threatintel