CVE-2025-15195
📋 TL;DR
CVE-2025-15195 is a SQL injection vulnerability in code-projects Assessment Management 1.0 that allows remote attackers to execute arbitrary SQL commands via the linked[] parameter in /admin/add-module.php. This affects all users running Assessment Management 1.0 with the vulnerable file accessible. The vulnerability has been publicly disclosed and can be exploited without authentication.
💻 Affected Systems
- code-projects Assessment Management
📦 What is this software?
Assessment Management by Code Projects
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, and potential remote code execution if database functions allow it.
Likely Case
Unauthorized data access, modification, or deletion of assessment management data.
If Mitigated
Limited impact with proper input validation and database permissions restricting damage scope.
🎯 Exploit Status
Public disclosure includes technical details making exploitation straightforward for attackers with basic SQL injection knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://code-projects.org/
Restart Required: No
Instructions:
1. Check vendor website for updates
2. If no patch available, implement workarounds
3. Consider migrating to alternative software
🔧 Temporary Workarounds
Restrict access to vulnerable file
Block access to /admin/add-module.php using the web server configuration
# Apache: Add to .htaccess (Apache 2.2 syntax; on Apache 2.4 without mod_access_compat, use "Require all denied" inside <Files> instead of Order/Deny)
<Files "add-module.php">
Order Deny,Allow
Deny from all
</Files>
# Nginx: Add to server block
location ~ /admin/add-module\.php$ {
deny all;
return 403;
}
Implement input validation
Add parameter validation for the linked[] parameter
# Example PHP code to add to add-module.php (FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and does not prevent SQL injection)
$linked = (isset($_POST['linked']) && is_array($_POST['linked'])) ? array_map('strval', $_POST['linked']) : [];
# Use prepared statements for database queries: bind each linked[] value instead of concatenating it into the SQL string
# ($pdo is assumed to be the application's PDO connection; <table> and <column> are placeholders for its real names)
$stmt = $pdo->prepare('INSERT INTO <table> (<column>) VALUES (?)');
foreach ($linked as $value) { $stmt->execute([$value]); }
🧯 If You Can't Patch
- Implement web application firewall (WAF) with SQL injection rules
- Restrict database user permissions to minimum required
🔍 How to Verify
Check if Vulnerable:
Check whether /admin/add-module.php exists and is accessible. Test with SQL injection payloads in the linked[] parameter.
Check Version:
# Check version in application files or database
# Typically in config files or about.php
Verify Fix Applied:
Verify that the file is no longer accessible or that SQL injection attempts are blocked. Test with safe SQL injection test payloads.
📡 Detection & Monitoring
Log Indicators:
- SQL syntax errors in web server logs
- Unusual database queries from web application
- Multiple requests to /admin/add-module.php with SQL keywords
Network Indicators:
- POST requests to /admin/add-module.php containing SQL keywords in parameters
- Unusual database connection patterns
SIEM Query:
source="web_logs" AND uri_path="/admin/add-module.php" AND (request_body CONTAINS "UNION" OR request_body CONTAINS "SELECT" OR request_body CONTAINS "INSERT" OR request_body CONTAINS "DELETE")
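The SIEM query above is a plain substring match, so it fires on legitimate input such as a module named "Select a module" or "Unionized study", and it cannot tell whether the keyword landed in the vulnerable linked[] parameter or in some other field. The following Python script is an added example (not part of the original advisory or the vendor's code) that runs the same logic over constructed sample log records and then applies a stricter check: it decodes the POST body, matches keywords as whole words, and reports which parameter they appeared in. The record fields uri_path and request_body mirror the SIEM query; the method field and the record layout are assumptions, and a default Apache or Nginx access log does not record POST bodies at all, so this logic needs a WAF or application log that does.

```python
import re
from urllib.parse import parse_qs

VULNERABLE_PATH = "/admin/add-module.php"
# The keyword list from the SIEM query; the regex matches them as whole words, case-insensitively.
SQL_KEYWORDS = ("UNION", "SELECT", "INSERT", "DELETE")
KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)

# Constructed sample log records (not real traffic). Each record is assumed to carry
# the request method, the URI path and the raw URL-encoded POST body.
SAMPLE_LOGS = [
    {"method": "POST", "uri_path": VULNERABLE_PATH, "request_body": "module=Intro&linked[]=3&linked[]=4"},
    {"method": "POST", "uri_path": VULNERABLE_PATH, "request_body": "module=Intro&linked[]=3%27+UNION+SELECT+1"},
    {"method": "POST", "uri_path": VULNERABLE_PATH, "request_body": "module=Select+a+module&linked[]=5"},
    {"method": "POST", "uri_path": VULNERABLE_PATH, "request_body": "module=Unionized+study&linked[]=6"},
    {"method": "GET", "uri_path": VULNERABLE_PATH, "request_body": ""},
    {"method": "POST", "uri_path": "/admin/login.php", "request_body": "user=admin&pass=secret"},
]


def matches_siem_query(record):
    """Literal equivalent of the SIEM query: path match plus case-insensitive substring match on the body."""
    body = record["request_body"].upper()
    return record["uri_path"] == VULNERABLE_PATH and any(kw in body for kw in SQL_KEYWORDS)


def suspicious_params(record):
    """Decode the body and return {parameter: [keywords]} for values holding SQL keywords as whole words."""
    if record["method"] != "POST" or record["uri_path"] != VULNERABLE_PATH:
        return {}
    hits = {}
    for name, values in parse_qs(record["request_body"], keep_blank_values=True).items():
        found = sorted({m.group(1).upper() for v in values for m in KEYWORD_RE.finditer(v)})
        if found:
            hits[name] = found
    return hits


def triage(records):
    """Return (index, hits) only for records where the keywords sit in the vulnerable linked[] parameter."""
    flagged = []
    for i, record in enumerate(records):
        hits = suspicious_params(record)
        if "linked[]" in hits:
            flagged.append((i, hits))
    return flagged


if __name__ == "__main__":
    for i, record in enumerate(SAMPLE_LOGS):
        print(f"record {i}: siem_query={matches_siem_query(record)} params={suspicious_params(record)}")
    print("triage:", triage(SAMPLE_LOGS))
```

On the sample data the page's query flags records 1, 2 and 3, while the parameter-aware check narrows the alert to record 1 only, where the keywords are inside linked[]. Keep the broad query as a hunting search and reserve paging-level alerts for the narrower match.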