CVE-2025-13243
📋 TL;DR
This SQL injection vulnerability in code-projects Student Information System 2.0 lets an attacker run arbitrary SQL statements through the /editprofile.php endpoint. Every deployment of the vulnerable version is affected. The flaw is remotely exploitable and public exploit code exists.
💻 Affected Systems
- code-projects Student Information System 2.0
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise: reading, modifying or deleting any table the application's database account can reach, bypassing authentication by tampering with credential or role data, and potential server takeover if the injection can be chained to code execution (for example, writing files to the web root where the database account holds file-write privileges).
Likely Case
Unauthorized access to student records, grade manipulation, personal information theft, and potential privilege escalation within the system.
If Mitigated
Parameterized queries remove the injection entirely; input validation and WAF rules only narrow it. Network segmentation and a least-privilege database account limit what a successful injection can reach.
🎯 Exploit Status
Public exploit code is available on GitHub. The vulnerability requires no authentication and is straightforward to trigger with a single crafted request.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://code-projects.org/
Restart Required: No
Instructions:
1. Check code-projects.org for official patches or updates.
2. If no patch is available, implement the workarounds below.
3. Consider migrating to supported software.
🔧 Temporary Workarounds
Input Validation and Sanitization
Add input validation and parameterized queries to /editprofile.php to prevent SQL injection.
Modify the PHP code to use prepared statements, so that user input is bound as a parameter and never concatenated into the SQL text: $stmt = $conn->prepare('UPDATE users SET name=? WHERE id=?'); $stmt->bind_param('si', $name, $id);
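As an added illustration (not code from code-projects or from the original advisory), the vulnerable string-concatenation pattern next to a hardened handler built on mysqli prepared statements. The table and column names (`users`, `name`, `email`, `id`), the request parameter names and the connection details are assumptions chosen to match the page's own snippet, not taken from the project's source; the actual vulnerable query shape in version 2.0 is not shown on this page.

```php
<?php
// Added example, not code from code-projects Student Information System.
// Table/column names, parameter names and connection details are assumptions.

declare(strict_types=1);

// VULNERABLE PATTERN (assumed shape): request values are concatenated into SQL.
// An id of  1 OR 1=1  rewrites every row; a name such as
//   x', email=(SELECT password FROM users WHERE id=1) WHERE id=1 --
// lets the attacker rewrite the statement at will.
function updateProfileVulnerable(mysqli $db, array $req): bool
{
    $id    = $req['id']    ?? '';
    $name  = $req['name']  ?? '';
    $email = $req['email'] ?? '';
    $sql = "UPDATE users SET name='$name', email='$email' WHERE id=$id";
    return $db->query($sql) === true;
}

// HARDENED: a prepared statement with bound parameters. Input never becomes
// part of the SQL text, so quotes and comment sequences are inert data.
function updateProfileSafe(mysqli $db, array $req, int $sessionUserId): bool
{
    $name  = trim((string)($req['name']  ?? ''));
    $email = trim((string)($req['email'] ?? ''));

    // Validate shape and reject bad input; do not try to "sanitize" it into SQL.
    if ($name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('invalid name');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }

    // Bind the row id to the authenticated session rather than to a request
    // parameter, so a logged-in user cannot edit another user's profile.
    $stmt = $db->prepare('UPDATE users SET name = ?, email = ? WHERE id = ?');
    if ($stmt === false) {
        throw new RuntimeException($db->error);
    }
    $stmt->bind_param('ssi', $name, $email, $sessionUserId);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Usage (assumed credentials; the session id comes from the existing login check):
// $db = new mysqli('localhost', 'sis', 'secret', 'sis_db');
// $db->set_charset('utf8mb4');
// updateProfileSafe($db, $_POST, (int)$_SESSION['user_id']);
```

The hardened version also rejects malformed input before the database is touched and takes the row id from the session; whether the original script trusts a client-supplied id is not stated on this page, so that part is a general recommendation rather than a description of the project's code.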
Web Application Firewall Rules
Implement WAF rules to block SQL injection patterns targeting /editprofile.php. Both examples below inspect decoded request arguments, so URL-encoded payloads (%27, %20UNION) are covered.
Add ModSecurity rule: SecRule ARGS "@detectSQLi" "id:1001,phase:2,deny,status:403,msg:'SQL Injection Attempt'"
Add naxsi rule: MainRule "str:--" "msg:sql comment" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1001;
🧯 If You Can't Patch
- Network segmentation: Isolate the Student Information System from other critical systems and restrict database access.
- Implement strict access controls: Limit who can access the /editprofile.php endpoint and monitor all access attempts.
🔍 How to Verify
Check if Vulnerable:
In a test environment you are authorized to assess, send requests to /editprofile.php with a payload such as ' OR '1'='1 in each parameter and compare the responses with a benign baseline. Database error text, a changed or unexpectedly large result, or a delay from a time-based payload (for example, a SLEEP(5) expression) indicates the input is reaching the query unescaped.
Check Version:
Check software version in admin panel or review source code for version indicators.
Verify Fix Applied:
Repeat the same requests after applying the fix. Responses should match the benign baseline with no database error text, and the database query log should show the payload arriving as a literal parameter value rather than as SQL syntax.
📡 Detection & Monitoring
Log Indicators:
- Queries in the database general or slow log from the web application's account containing UNION, tautologies such as 1=1, or comment sequences (--, #, /*)
- Multiple failed login attempts followed by /editprofile.php access
- HTTP requests with SQL keywords to /editprofile.php
Network Indicators:
- Outbound connections from the web or database server to unexpected destinations, which may indicate a post-injection foothold
- Traffic patterns showing SQL injection payloads
SIEM Query (pseudo-syntax; map the field names onto your log source and match against the URL-decoded query string or request body, otherwise encoded payloads such as %27%20OR are missed):
source="web_logs" AND uri="/editprofile.php" AND (query_string="*' OR*" OR query_string="*UNION*SELECT*" OR query_string="*SELECT*FROM*" OR query_string="*INSERT*INTO*")
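As an added example that is not part of the advisory, the "HTTP requests with SQL keywords to /editprofile.php" indicator implemented as a small scanner over combined-format access log lines: it parses each line, URL-decodes the request target so encoded probes are caught, and flags only requests to the vulnerable path. The log lines embedded in the script are constructed samples, not captured traffic, and the regular expressions are a starting point to tune, not a complete signature set.

```php
<?php
// Added example (not from the advisory or the project): scan web access logs
// for injection probes against /editprofile.php. Sample lines are constructed.

declare(strict_types=1);

const TARGET_PATH = '/editprofile.php';

// Tokens typical of SQL injection probes, matched after URL decoding so
// %27 (') and %2D%2D (--) are caught as well as their literal forms.
const SQLI_PATTERNS = [
    '/\'\s*(or|and)\s+[\'"]?\d/i',                                   // ' OR '1'='1
    '/\bunion\b.{0,20}\bselect\b/is',                                 // UNION ... SELECT
    '/\b(select|insert|update|delete)\b.{0,40}\b(from|into|set|where)\b/is',
    '/(--|#|\/\*)/',                                                  // comment terminators
    '/\b(sleep|benchmark)\s*\(/i',                                    // time-based probes
];

// Parse one combined-log line into ip/method/target/status, or null if it does not parse.
function parseLogLine(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'method' => $m[2], 'target' => $m[3], 'status' => (int)$m[4]];
}

// Return the first pattern matched in the decoded request target, or null.
// Requests to any other path are ignored even if they contain SQL keywords.
function matchSqli(string $target): ?string
{
    $path = parse_url($target, PHP_URL_PATH);
    if (!is_string($path) || $path !== TARGET_PATH) {
        return null;
    }
    $decoded = urldecode($target);   // also turns '+' into a space
    foreach (SQLI_PATTERNS as $p) {
        if (preg_match($p, $decoded)) {
            return $p;
        }
    }
    return null;
}

// Scan log lines and return the flagged entries with the pattern that fired.
function scanLog(iterable $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        $e = parseLogLine($line);
        if ($e !== null && ($p = matchSqli($e['target'])) !== null) {
            $hits[] = $e + ['pattern' => $p];
        }
    }
    return $hits;
}

// Constructed samples: benign, literal probe, URL-encoded probe, keyword on another path.
$sample = [
    '203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /editprofile.php?id=7 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Jan/2025:10:00:02 +0000] "GET /editprofile.php?id=7\'+OR+\'1\'=\'1 HTTP/1.1" 200 9812',
    '198.51.100.9 - - [10/Jan/2025:10:00:03 +0000] "GET /editprofile.php?id=7%27%20UNION%20SELECT%201,2,3--%20- HTTP/1.1" 500 221',
    '198.51.100.9 - - [10/Jan/2025:10:00:04 +0000] "GET /index.php?q=select HTTP/1.1" 200 100',
];

// Expected: lines 2 and 3 are reported; lines 1 and 4 are not.
foreach (scanLog($sample) as $hit) {
    printf("%s %s %s (HTTP %d) matched %s\n",
        $hit['ip'], $hit['method'], $hit['target'], $hit['status'], $hit['pattern']);
}
```

Run it as `php scan.php` against the embedded samples, or replace `$sample` with `new SplFileObject('/var/log/apache2/access.log')` to read a real log line by line. POST bodies are not in the access log, so body-parameter injection needs the WAF or application-side logging described above.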