CVE-2025-14652 MEDIUM

CVE-2025-14652: itsourcecode Online Cake Ordering System admindetail.php sql injection

Vendor Itsourcecode
Product Online Cake Ordering System
Weakness CWE-89 · SQLi
Published December 14, 2025
Last update December 15, 2025
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This issue affects some unknown processing of the file /admindetail.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.

Key dates

02Disclosure timeline

December 14, 2025 CVE published
December 15, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-7199 SourceCodester Complaints Report Management System manage_user.php sql injection CVE-2019-25746 WordPress Sliced Invoices 3.8.2 SQL Injection via post Parameter CVE-2023-5681 Netentsec NS-ASG Application Security Gateway list_addr_fwresource_ip.php sql injection CVE-2017-14807 SQL injection in ui-server/app/models/diary_entry.rb in SUSE Studio onsite CVE-2024-7717 WP Events Manager <= 2.1.11 - Authenticated (Subscriber+) Time-Based SQL Injection