CVE-2025-14950
📋 TL;DR
CVE-2025-14950 is an SQL injection vulnerability in code-projects Scholars Tracking System 1.0 that allows attackers to execute arbitrary SQL commands via the ID parameter in /delete_post.php. This affects all deployments of version 1.0, potentially enabling unauthorized data access, modification, or deletion. Remote exploitation is possible without authentication.
💻 Affected Systems
- code-projects Scholars Tracking System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data destruction, or full system takeover via SQL injection leading to remote code execution.
Likely Case
Unauthorized access to sensitive student/scholar data, grade manipulation, or deletion of academic records.
If Mitigated
Limited impact with proper input validation and database permissions restricting damage to non-critical data.
🎯 Exploit Status
Exploit details are publicly available on GitHub. SQL injection via ID parameter requires minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: unknown
Vendor Advisory: https://code-projects.org/
Restart Required: No
Instructions:
No official patch available. Consider migrating to alternative software or implementing custom fixes with parameterized queries.
🔧 Temporary Workarounds
Input Validation Filter
allAdd server-side validation to ensure ID parameter contains only numeric values
Modify /delete_post.php to include: if(!is_numeric($_GET['ID'])) { die('Invalid input'); }
WAF Rule Implementation
allDeploy web application firewall rules to block SQL injection patterns
Add WAF rule: SecRule ARGS:ID "@rx (?:'|\"|;|--|union|select|insert|update|delete|drop|create|alter)" "id:1001,phase:2,deny,status:403,msg:'SQLi attempt detected'"
🧯 If You Can't Patch
- Isolate the system behind a firewall with strict IP whitelisting
- Implement database user with minimal permissions (read-only if possible)
🔍 How to Verify
Check if Vulnerable:
Test /delete_post.php with SQL injection payload: /delete_post.php?ID=1' OR '1'='1Check Version:
Check system documentation or configuration files for version informationVerify Fix Applied:
Attempt SQL injection payloads and verify they are rejected or sanitized📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in application logs
- Multiple failed delete operations
- Requests to /delete_post.php with non-numeric ID parameters
Network Indicators:
- HTTP requests containing SQL keywords in ID parameter
- Unusual database query patterns from web server
SIEM Query:
source="web_logs" AND uri="/delete_post.php" AND (query="*union*" OR query="*select*" OR query="*' OR '*" OR query="*;--*")