CVE-2025-15140
📋 TL;DR
This SQL injection vulnerability in the saiftheboss7 onlinemcqexam software allows attackers to manipulate database queries through the ans1/ans2 parameters in the /admin/quesadd.php file. Attackers can potentially read, modify, or delete database content remotely. Organizations using affected versions of this software are at risk.
💻 Affected Systems
- saiftheboss7 onlinemcqexam
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, or deletion; potential privilege escalation to system-level access.
Likely Case
Unauthorized data access and extraction from the MCQ exam database, potentially exposing sensitive student/exam information.
If Mitigated
Limited impact with proper input validation and database permissions in place, potentially only allowing data viewing without modification.
🎯 Exploit Status
Exploit details are publicly available. Exploitation requires access to the admin interface, but once that is available, SQL injection of this kind is typically straightforward to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None - vendor did not respond to disclosure
Restart Required: No
Instructions:
No official patch available. Consider implementing input validation and parameterized queries in the affected file.
🔧 Temporary Workarounds
Input Validation Implementation
Add input validation and sanitization for the ans1/ans2 parameters in quesadd.php
Edit /admin/quesadd.php to implement parameterized queries or input filtering
Web Application Firewall
Deploy a WAF with SQL injection protection rules
🧯 If You Can't Patch
- Isolate the application behind a reverse proxy with SQL injection filtering
- Restrict network access to only trusted IP addresses
🔍 How to Verify
Check if Vulnerable:
Check if your version is at or before commit 0e56806132971e49721db3ef01868098c7b42ada and examine /admin/quesadd.php for unsanitized ans1/ans2 parameters
Check Version:
Check git commit history or version file if available
Verify Fix Applied:
Test the ans1/ans2 parameters with SQL injection payloads to confirm they're properly sanitized
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts to admin interface
- Unexpected parameter values in web server logs for quesadd.php
Network Indicators:
- SQL injection patterns in HTTP requests to /admin/quesadd.php
- Unusual database connection patterns
SIEM Query:
web.url:"/admin/quesadd.php" AND (web.param:"ans1" OR web.param:"ans2") AND (web.param.value:"*'*" OR web.param.value:"*"*" OR web.param.value:"*--*" OR web.param.value:"*;*" OR web.param.value:"*UNION*" OR web.param.value:"*SELECT*" OR web.param.value:"*INSERT*" OR web.param.value:"*UPDATE*" OR web.param.value:"*DELETE*")
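The SIEM query above applied offline to web server access logs, as an added example that is not part of this advisory; the path and parameter names come from the advisory, and the log lines are constructed. Like the query, it substring-matches the keywords, so benign values such as "updated" will also trigger.

```python
import re
from typing import Optional
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request-line extractor for common/combined access log format.
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
WATCHED_PATH = "/admin/quesadd.php"
WATCHED_PARAMS = {"ans1", "ans2"}
# Same indicators as the SIEM query: metacharacters and SQL keywords.
SUSPICIOUS_TOKENS = ("'", '"', "--", ";", "UNION", "SELECT", "INSERT", "UPDATE", "DELETE")

def suspicious_tokens(value: str) -> list:
    """Indicator tokens present in a parameter value (decoded once more to catch double-encoding)."""
    decoded = unquote_plus(value).upper()
    return [tok for tok in SUSPICIOUS_TOKENS if tok in decoded]

def check_log_line(line: str) -> Optional[dict]:
    """Flag a request to quesadd.php whose ans1/ans2 values carry SQLi indicators."""
    m = REQ_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != WATCHED_PATH:
        return None
    hits = {}
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for v in values:
            toks = suspicious_tokens(v)
            if toks:
                hits[name] = toks
    return {"line": line, "hits": hits} if hits else None

def scan(lines):
    """Return the flagged records for a batch of log lines, in input order."""
    return [r for r in (check_log_line(l) for l in lines) if r]

# Constructed sample log lines (not real traffic); lines 2 and 4 carry indicators.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /admin/quesadd.php?ans1=Paris&ans2=Rome HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2025:10:00:01 +0000] "GET /admin/quesadd.php?ans1=x%27+--+&ans2=b HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2025:10:00:02 +0000] "GET /index.php?ans1=%27 HTTP/1.1" 200 128',
    '10.0.0.7 - - [01/Jan/2025:10:00:03 +0000] "GET /admin/quesadd.php?ans2=1%3B+select+1 HTTP/1.1" 500 64',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["hits"], hit["line"])
```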