CVE-2025-13325
📋 TL;DR
CVE-2025-13325 is a SQL injection vulnerability in itsourcecode Student Information System 1.0 that allows remote attackers to execute arbitrary SQL commands via the en_id parameter in /enrollment_edit1.php. This affects all deployments of Student Information System 1.0, potentially compromising student data and system integrity.
💻 Affected Systems
- itsourcecode Student Information System
📦 What is this software?
Student Information System by Facebook Julykringcadayona
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data manipulation, authentication bypass, or full system takeover via SQL injection to RCE chaining.
Likely Case
Unauthorized access to sensitive student records (grades, personal information), data exfiltration, or database corruption.
If Mitigated
Limited impact with proper input validation, parameterized queries, and database permissions restricting unauthorized access.
🎯 Exploit Status
Exploit details are publicly available on GitHub; remote exploitation requires no authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://itsourcecode.com/
Restart Required: No
Instructions:
No official patch available. Consider upgrading to a newer version if available, or implement workarounds.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement strict input validation for the en_id parameter to allow only expected values (e.g., numeric IDs).
Modify /enrollment_edit1.php to validate en_id using is_numeric() or regex patterns
Parameterized Queries Implementation
Replace dynamic SQL queries with prepared statements using PDO or MySQLi to prevent SQL injection.
Update PHP code to use prepared statements: $stmt = $pdo->prepare('SELECT * FROM enrollments WHERE id = ?'); $stmt->execute([$en_id]);
🧯 If You Can't Patch
- Deploy a web application firewall (WAF) with SQL injection rules to block malicious requests.
- Restrict network access to the Student Information System to trusted IPs only using firewall rules.
🔍 How to Verify
Check if Vulnerable:
Test the /enrollment_edit1.php endpoint with SQL injection payloads (e.g., en_id=1' OR '1'='1) and observe database errors or unexpected behavior.
Check Version:
Check the software version in the application interface or configuration files; version 1.0 is vulnerable.
Verify Fix Applied:
After implementing fixes, retest with SQL injection payloads; successful fixes should return no database errors and handle input safely.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in PHP/application logs
- Multiple requests to /enrollment_edit1.php with suspicious en_id values (e.g., containing quotes, SQL keywords)
Network Indicators:
- HTTP requests to /enrollment_edit1.php with SQL injection patterns in parameters
SIEM Query:
source="web_logs" AND uri="/enrollment_edit1.php" AND (en_id="*'*" OR en_id="*OR*" OR en_id="*UNION*" OR en_id="*SELECT*")
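An allowlist version of the log check above, as an added example that is not part of the original advisory: instead of matching keywords, it flags any request to /enrollment_edit1.php whose decoded en_id is not a plain integer, so percent-encoded values are caught and keyword hits on other pages are ignored. It assumes Apache/Nginx combined-format access logs and that en_id arrives in the query string; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET_PATH = "/enrollment_edit1.php"  # endpoint named in the advisory
PARAM = "en_id"                        # parameter named in the advisory

# Combined log format: client, identity, user, [time], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
# The second line carries the advisory's own test value, percent-encoded.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Nov/2025:10:01:02 +0000] "GET /enrollment_edit1.php?en_id=42 HTTP/1.1" 200 5120
203.0.113.9 - - [12/Nov/2025:10:01:05 +0000] "GET /enrollment_edit1.php?en_id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9875
198.51.100.7 - - [12/Nov/2025:10:01:09 +0000] "GET /index.php?q=select+course HTTP/1.1" 200 2048
203.0.113.9 - - [12/Nov/2025:10:01:12 +0000] "GET /enrollment_edit1.php?en_id=42abc HTTP/1.1" 500 312
"""


def suspicious_requests(log_text):
    """Return (ip, status, decoded en_id) for target requests whose en_id is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        if url.path != TARGET_PATH:
            continue  # only the endpoint named in the advisory
        # parse_qs percent-decodes once; keep_blank_values keeps "en_id=" visible
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            # Allowlist: ASCII digits only, bounded length
            if not re.fullmatch(r"[0-9]{1,10}", value):
                hits.append((m["ip"], int(m["status"]), value))
    return hits


if __name__ == "__main__":
    for ip, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} en_id={value!r}")
```

Values sent in a POST body do not appear in access logs, so this check needs request-body logging or WAF logs to cover that case.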