CVE-2025-12329

6.3 MEDIUM

📋 TL;DR

This CVE describes an SQL injection vulnerability in shawon100 RUET OJ's /details.php file through manipulation of the ID parameter. Remote attackers can exploit this to execute arbitrary SQL commands on the database. All deployments of RUET OJ up to commit 18fa45b0a669fa1098a0b8fc629cf6856369d9a5 are affected.

💻 Affected Systems

Products:
  • shawon100 RUET OJ
Versions: All versions up to commit 18fa45b0a669fa1098a0b8fc629cf6856369d9a5
Operating Systems: Any OS running PHP with database backend
Default Config Vulnerable: ⚠️ Yes
Notes: The product follows a rolling release model, so specific version numbers are not provided. All deployments before the fix are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data theft, data manipulation, and potential remote code execution via database functions.

🟠 Likely Case: Unauthorized data access, data exfiltration, and potential privilege escalation within the application.

🟢 If Mitigated: Limited impact with proper input validation and database permissions restricting damage to non-sensitive data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit has been released publicly. SQL injection via ID parameter manipulation is typically straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit 18fa45b0a669fa1098a0b8fc629cf6856369d9a5

Vendor Advisory: Not available - vendor did not respond to disclosure

Restart Required: No

Instructions:

1. Update to latest version from the project repository.
2. Verify the /details.php file has proper input validation and parameterized queries.
3. Test the ID parameter with SQL injection payloads to confirm fix.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

Deploy WAF rules to block SQL injection patterns targeting the /details.php endpoint

Input Validation Filter

Implement server-side validation to restrict ID parameter to expected data types

🧯 If You Can't Patch

  • Implement strict input validation for the ID parameter in /details.php
  • Apply database-level controls: use least privilege accounts, enable query logging

🔍 How to Verify

Check if Vulnerable:

Test /details.php with SQL injection payloads like: details.php?ID=1' OR '1'='1

Check Version:

Check git commit hash: git log --oneline -1

Verify Fix Applied:

Attempt SQL injection tests and verify they are blocked or properly handled

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple rapid requests to /details.php with varying ID parameters

Network Indicators:

  • HTTP requests to /details.php containing SQL keywords (UNION, SELECT, etc.) in parameters

SIEM Query:

source="web_logs" AND uri_path="/details.php" AND (query_string="*UNION*" OR query_string="*SELECT*" OR query_string="*OR*1=1*")
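
The log and network indicators above, as an added example (not part of the original advisory or the RUET OJ code base): a scanner that percent-decodes the ID parameter before matching, so an encoded or quoted probe such as the one under "Check if Vulnerable" is caught where a raw wildcard match on the query string can miss it. It assumes combined-format access logs and that legitimate ID values are plain integers; the sample lines, function names and burst threshold are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Nov/2025:10:00:01 +0000] "GET /details.php?ID=12 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Nov/2025:10:00:02 +0000] "GET /details.php?ID=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9931
203.0.113.9 - - [01/Nov/2025:10:00:03 +0000] "GET /details.php?ID=1+UNION+SELECT+NULL HTTP/1.1" 500 312
198.51.100.7 - - [01/Nov/2025:10:00:04 +0000] "GET /index.php?ID=abc HTTP/1.1" 200 800
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
SQL_HINT = re.compile(r"\b(union|select|or|and|sleep|benchmark)\b|['\";]|--|/\*", re.I)

def classify_id(value):
    """Return None for a plain integer ID (assumed legitimate), else a reason."""
    if value.isascii() and value.isdigit():
        return None
    return "sql-pattern" if SQL_HINT.search(value) else "non-integer"

def scan(log_text, path="/details.php", burst=20):
    """Return (client, reason, decoded_value) findings for the target path."""
    findings, seen = [], defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, _status = m.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        # parse_qsl percent-decodes values and turns '+' into a space.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() != "id":
                continue
            seen[client].add(value)
            reason = classify_id(value)
            if reason:
                findings.append((client, reason, value))
    # Second indicator from the page: many distinct IDs from one client
    # within the scanned slice of the log (threshold is an assumption).
    for client, ids in seen.items():
        if len(ids) >= burst:
            findings.append((client, "id-burst", str(len(ids))))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Run it over a time-bounded slice of the log (for example one minute per invocation) so the distinct-ID count approximates the "multiple rapid requests" indicator.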
