CVE-2025-13586

4.7 MEDIUM

📋 TL;DR

This SQL injection vulnerability in SourceCodester Online Student Clearance System 1.0 allows attackers to manipulate database queries through the password confirmation field (the txtconfirm_password parameter of /Admin/changepassword.php). Attackers can potentially read, modify, or delete database contents remotely. All users running the vulnerable version are affected.

💻 Affected Systems

Products:
  • SourceCodester Online Student Clearance System
Versions: 1.0
Operating Systems: Any OS running a PHP web server
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /Admin/changepassword.php endpoint specifically

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, system takeover, or data destruction
🟠 Likely Case: Unauthorized data access and potential privilege escalation
🟢 If Mitigated: Limited impact if proper input validation and a WAF are in place

🌐 Internet-Facing: HIGH - Attack can be initiated remotely without authentication
🏢 Internal Only: MEDIUM - Internal attackers could exploit it if the system is reachable from their network segment

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details published on GitHub, making it easy for attackers to weaponize

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.sourcecodester.com/

Restart Required: No

Instructions:

No official patch available. Consider replacing with alternative software or implementing custom fixes.

🔧 Temporary Workarounds

Input Validation and Sanitization (applies to: all)

Add parameterized queries and input validation to /Admin/changepassword.php.

Modify the PHP code to use prepared statements, for example: $stmt = $conn->prepare('UPDATE users SET password=? WHERE id=?'); $stmt->bind_param('si', $password, $id); $stmt->execute(); Bound parameters are transmitted separately from the query text, so the confirmation value can no longer alter the SQL statement itself.

Web Application Firewall (applies to: all)

Deploy a WAF with SQL injection rules to block malicious requests.

Configure WAF rules to block SQL injection patterns in POST parameters. A WAF is a compensating control only; it reduces exposure but does not remove the underlying flaw in the PHP code.

🧯 If You Can't Patch

  • Block access to /Admin/changepassword.php at network perimeter
  • Implement strict input validation and parameterized queries in custom code

🔍 How to Verify

Check if Vulnerable:

Test the /Admin/changepassword.php endpoint with SQL injection payloads in the txtconfirm_password parameter and observe whether the response or database behaviour changes

Check Version:

Check system version in admin panel or configuration files

Verify Fix Applied:

Confirm that SQL injection attempts no longer succeed and that the application responds with proper error handling rather than a raw database error

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in web server logs
  • Multiple failed password change attempts
  • Requests with SQL keywords in parameters

Network Indicators:

  • POST requests to /Admin/changepassword.php with SQL payloads
  • Unusual database query patterns

SIEM Query:

source="web_server" AND url="/Admin/changepassword.php" AND param="txtconfirm_password" AND (value CONTAINS "UNION" OR value CONTAINS "SELECT" OR value CONTAINS "--")

Keep the OR conditions grouped in their own parentheses; without the grouping the query matches any request whose value contains SELECT or "--", regardless of URL or parameter. Match case-insensitively and against the URL-decoded parameter value, since percent-encoded payloads will otherwise slip past the keyword checks.
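The detection logic above can be run offline against exported request logs. The following Python script is an added example written for this advisory, not code from SourceCodester or from the CVE record; it assumes a JSON-lines log in which each record carries the source address, method, URL, status and the POST parameters (field names src, method, url, status and params are assumptions, as is the sample data, which is constructed). It URL-decodes the txtconfirm_password value before matching, uses word boundaries so ordinary passwords containing "select" as a substring are not flagged, and tallies repeated flagged attempts per source, which maps onto the "multiple failed password change attempts" indicator.

```python
import json
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample log records (JSON lines). The field layout is an
# assumption about a web-server or WAF log that records POST parameters;
# it is not the application's own log format.
SAMPLE_LOG = r'''
{"src": "10.0.0.5", "method": "POST", "url": "/Admin/changepassword.php", "status": 302, "params": {"txtpassword": "Winter2024!", "txtconfirm_password": "Winter2024!"}}
{"src": "10.0.0.9", "method": "POST", "url": "/Admin/changepassword.php", "status": 500, "params": {"txtpassword": "x", "txtconfirm_password": "x%27%20UNION%20SELECT%201%2C2--%20"}}
{"src": "10.0.0.9", "method": "POST", "url": "/Admin/changepassword.php", "status": 500, "params": {"txtpassword": "x", "txtconfirm_password": "x%27+or+1%3D1--"}}
{"src": "10.0.0.7", "method": "POST", "url": "/Admin/changepassword.php", "status": 302, "params": {"txtpassword": "Selection2024", "txtconfirm_password": "Selection2024"}}
{"src": "10.0.0.9", "method": "GET", "url": "/Admin/index.php", "status": 200, "params": {}}
'''

TARGET_URL = "/Admin/changepassword.php"
TARGET_PARAM = "txtconfirm_password"

# Indicators named in the advisory (UNION, SELECT, "--") plus a quote-then-
# boolean pattern. Word boundaries stop "Selection2024" matching on "select".
SQLI_PATTERN = re.compile(
    r"\bunion\b|\bselect\b|--|'\s*(or|and)\b",
    re.IGNORECASE,
)


def normalise(value: str) -> str:
    """URL-decode twice and lowercase so encoded payloads are inspected in clear."""
    return unquote_plus(unquote_plus(value)).lower()


def is_suspicious(value: str) -> bool:
    """True when the decoded parameter value carries an SQL injection indicator."""
    return SQLI_PATTERN.search(normalise(value)) is not None


def scan(log_text: str) -> list[dict]:
    """Return the POST records to the vulnerable endpoint whose
    txtconfirm_password value matches the indicator pattern."""
    hits = []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        if rec.get("method") != "POST" or rec.get("url") != TARGET_URL:
            continue
        value = rec.get("params", {}).get(TARGET_PARAM, "")
        if is_suspicious(value):
            hits.append({
                "src": rec["src"],
                "status": rec["status"],
                "decoded": normalise(value),
            })
    return hits


def repeat_offenders(hits: list[dict], threshold: int = 2) -> dict[str, int]:
    """Sources with at least `threshold` flagged attempts."""
    counts = Counter(h["src"] for h in hits)
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f"ALERT src={h['src']} status={h['status']} value={h['decoded']!r}")
    print("repeat offenders:", repeat_offenders(found))
```

Against the constructed sample, only the two records from 10.0.0.9 are flagged; the legitimate "Selection2024" change from 10.0.0.7 is not, which is the false positive a naive substring match on SELECT would produce. Pair the alert with the HTTP status: a 500 on this endpoint alongside a flagged value is a stronger signal than either on its own.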
