CVE-2025-15142
📋 TL;DR
This CVE describes a SQL injection vulnerability in phpok3w's show.php file through manipulation of the ID parameter. Attackers can remotely exploit this to execute arbitrary SQL commands on the database. All installations using affected versions of phpok3w are vulnerable.
💻 Affected Systems
- phpok3w
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data manipulation, or full system takeover via SQL injection to RCE chain
Likely Case
Database information disclosure, data manipulation, or authentication bypass
If Mitigated
Limited impact with proper input validation and WAF protection
🎯 Exploit Status
Exploit details are publicly available in the issue tracker
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Monitor project repository for updates.
🔧 Temporary Workarounds
Input Validation for ID Parameter
allAdd strict input validation to sanitize the ID parameter in show.php
Modify show.php to validate ID parameter as integer: if(!is_numeric($_GET['ID'])) { die('Invalid input'); }
WAF Rule Implementation
allDeploy web application firewall rules to block SQL injection patterns
Add WAF rule: SecRule ARGS:ID "@rx (?i)(union|select|insert|update|delete|drop|create|alter|exec|xp_)" "id:1001,phase:2,deny,status:403,msg:'SQL Injection Attempt'"
Modify for your specific WAF platform
🧯 If You Can't Patch
- Isolate the vulnerable system from internet access
- Implement strict network segmentation and monitor for SQL injection attempts
🔍 How to Verify
Check if Vulnerable:
Check if your phpok3w installation uses commit hash earlier than 901d96a06809fb28b17f3a4362c59e70411c933cCheck Version:
git log --oneline -1Verify Fix Applied:
Test ID parameter with SQL injection payloads like: show.php?ID=1' OR '1'='1📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in application logs
- Multiple failed parameter validation attempts
- Suspicious ID parameter values containing SQL keywords
Network Indicators:
- HTTP requests with SQL injection patterns in ID parameter
- Unusual database query patterns from web server
SIEM Query:
source="web_logs" AND ("union select" OR "' OR '1'='1" OR "sql injection" OR "show.php?ID=")