CVE Alert: CVE-2025-12309 - code-projects - Nero Social Networking Site

CVE-2025-12309

HIGHNo exploitation knownPoC observed

A weakness has been identified in code-projects Nero Social Networking Site 1.0. This affects an unknown part of the file /friendprofile.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.

CVSS v3.1 (7.3)

Vendor

code-projects

Product

Nero Social Networking Site

Versions

1.0

CWE

CWE-89, SQL Injection

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Published

2025-10-27T19:02:11.093Z

Updated

2025-10-27T19:23:24.602Z

References

https://vuldb.com/?id.329981

https://vuldb.com/?ctiid.329981

https://vuldb.com/?submit.676964

https://github.com/daojian1/Nero-Social-Networking-Site-V1.0_002

https://code-projects.org/

AI Summary Analysis

Risk verdict

High risk with a public PoC; remote, unauthenticated SQL injection that is automatable, making rapid exploitation likely.

Why this matters

The vulnerability enables access to potentially sensitive data and could allow data integrity impacts, depending on the DB permissions the application uses. With a publicly available exploit, attackers may rapidly automate scans and attempts across exposed instances, elevating regulatory, reputational, and downtime risks for affected organisations.

Most likely attack path

An attacker can target a publicly reachable PHP endpoint, submit crafted input in a parameter such as an ID, and trigger a SQL injection without user interaction or authentication. Given the lack of user interaction and network-based access, the initial compromise relies on the application’s database permissions; data exfiltration is plausible, with limited lateral movement unless DB credentials permit broader access.

Who is most exposed

Public-facing deployments of web applications with custom PHP logic, particularly those on shared or cloud hosting and with slow patch cycles, are at greatest risk.

Detection ideas

WAF/logs showing unusual parameterized queries or concatenated SQL in requests.
Error messages or stack traces in responses or logs indicating SQL errors.
Sudden spikes in GET requests with atypical ID values or repetitive probing patterns.
IOC match against known exploit strings or payloads.
Anomalies in DB query latency following requests to the endpoint.

Mitigation and prioritisation

Apply the vendor patch or upgrade to a fixed version; if unavailable, implement compensating controls.
Enforce parameterised queries/prepared statements and input validation.
Harden the DB user: least privilege, disable unnecessary rights, rotate credentials.
Implement WAF rules targeting SQLi patterns; disable verbose error messages.
Change-management: schedule urgent patching and test in staging; monitor post-deployment.
If KEV is true or EPSS ≥ 0.5, treat as priority 1. If not, maintain elevated priority until patched.

Support Our Work

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.

AI APIs OSINT driven New features

Buy Me A Coffee Patreon

Tags: code-projects, CVE, cve-2025-12309, nero-social-networking-site, OSINT, threatintel