CVE-2025-14203
📋 TL;DR
This SQL injection vulnerability in code-projects Question Paper Generator allows attackers to manipulate database queries through the 'subid' parameter in /selectquestionuser.php. Remote attackers can potentially access, modify, or delete database content. All users of Question Paper Generator version 1.0 and earlier are affected.
💻 Affected Systems
- code-projects Question Paper Generator
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, or deletion; potential for authentication bypass and remote code execution if database permissions allow.
Likely Case
Unauthorized data access and extraction of sensitive information stored in the database, potentially including user credentials and question bank data.
If Mitigated
Limited impact with proper input validation and database permission restrictions, potentially only allowing data viewing without modification.
🎯 Exploit Status
Exploit details are publicly available on GitHub, making this easily exploitable by attackers with basic SQL injection knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://code-projects.org/
Restart Required: No
Instructions:
No official patch is available. Check the vendor website for updates. Consider implementing parameterized queries or input validation as a workaround.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement server-side validation and sanitization of the 'subid' parameter to prevent SQL injection.
Modify /selectquestionuser.php to validate the 'subid' parameter and pass it to the database through prepared statements (parameterized queries)
Web Application Firewall (WAF)
Deploy WAF rules to block SQL injection attempts targeting the vulnerable endpoint.
Add WAF rule to block SQL injection patterns in requests to /selectquestionuser.php
🧯 If You Can't Patch
- Isolate the vulnerable system behind a firewall with strict access controls
- Implement network segmentation to limit database access from the web application
🔍 How to Verify
Check if Vulnerable:
Test the /selectquestionuser.php endpoint with SQL injection payloads in the 'subid' parameter (e.g., ' OR '1'='1). Monitor for database errors or unexpected responses.
Check Version:
Check software documentation or configuration files for version information; typically found in README files or about pages.
Verify Fix Applied:
Test with the same SQL injection payloads after implementing fixes; successful fixes should return error messages or reject malicious input without executing SQL commands.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in application logs
- Multiple failed requests to /selectquestionuser.php with SQL-like patterns
- Database query errors containing user-supplied input
Network Indicators:
- HTTP requests to /selectquestionuser.php containing SQL keywords (SELECT, UNION, etc.) in parameters
- Unusual database connection patterns from the web server
SIEM Query:
source="web_logs" AND uri="/selectquestionuser.php" AND (param="*SELECT*" OR param="*UNION*" OR param="*OR*1*" OR param="*--*" OR param="*;*" OR param="*'*" OR param="*\"*")
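
The log indicators above can also be checked offline against web server access logs. The following is an added example, not part of the original advisory or the vendor's code: it percent-decodes 'subid' before matching, so encoded quotes and keywords are caught, and matches SQL keywords as whole words to cut false positives. The combined log format, the function names, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/selectquestionuser.php"
# Request line inside a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
# Patterns drawn from the indicators above: quotes, comment markers,
# statement separators, and SQL keywords matched as whole words.
SQLI_RE = re.compile(r"""['";]|--|/\*|\b(?:select|union|or|and)\b""", re.IGNORECASE)


def suspicious_subid(line):
    """Return the decoded 'subid' value if the line looks like an injection attempt, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.path.lower() != ENDPOINT:
        return None
    # parse_qs percent-decodes values, so %27 and + are matched as ' and space.
    for value in parse_qs(url.query, keep_blank_values=True).get("subid", []):
        if SQLI_RE.search(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = suspicious_subid(line)
        if value is not None:
            hits.append((n, value))
    return hits


# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2025:10:00:01 +0000] "GET /selectquestionuser.php?subid=3 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Dec/2025:10:00:07 +0000] "GET /selectquestionuser.php?subid=%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 87',
    '203.0.113.9 - - [10/Dec/2025:10:00:09 +0000] "GET /selectquestionuser.php?subid=1+UNION+SELECT+1 HTTP/1.1" 200 640',
    '198.51.100.2 - - [10/Dec/2025:10:01:00 +0000] "GET /index.php?q=select+subject HTTP/1.1" 200 900',
    '198.51.100.7 - - [10/Dec/2025:10:02:00 +0000] "GET /selectquestionuser.php?subid=ORGANIC HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: subid={value!r}")
```

Access logs normally record only the query string, so a 'subid' value sent in a POST body needs application or WAF logging to be visible.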