CVE-2025-8338
📋 TL;DR
CVE-2025-8338 is a critical SQL injection vulnerability in projectworlds Online Admission System 1.0 that allows remote attackers to execute arbitrary SQL commands via the ID parameter in /adminac.php. This can lead to unauthorized data access, modification, or deletion. Organizations using this specific version of the admission system are affected.
💻 Affected Systems
- projectworlds Online Admission System
📦 What is this software?
Online Admission System by Projectworlds
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, privilege escalation, and potential system takeover
Likely Case
Unauthorized access to sensitive student/admission data, data exfiltration, and potential system disruption
If Mitigated
Limited impact with proper input validation, WAF rules, and database permissions in place
🎯 Exploit Status
Exploit details are publicly available on GitHub. SQL injection via ID parameter is straightforward to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None found
Restart Required: No
Instructions:
No official patch available. Consider migrating to a supported system or implementing workarounds.
🔧 Temporary Workarounds
Input Validation and Sanitization
allAdd parameterized queries and input validation to /adminac.php
Modify adminac.php to use prepared statements: $stmt = $conn->prepare('SELECT * FROM table WHERE id = ?'); $stmt->bind_param('i', $id);
Web Application Firewall Rules
allBlock SQL injection patterns targeting /adminac.php
Add WAF rule: deny requests to /adminac.php with SQL keywords in ID parameter
🧯 If You Can't Patch
- Isolate the system behind a firewall with strict access controls
- Implement network segmentation and restrict database access to minimum required connections
🔍 How to Verify
Check if Vulnerable:
Test /adminac.php with SQL injection payloads in ID parameter (e.g., adminac.php?ID=1' OR '1'='1)Check Version:
Check system documentation or configuration files for version informationVerify Fix Applied:
Test that SQL injection payloads no longer work and return proper error handling📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in web server logs
- Multiple failed login attempts to adminac.php
- SQL keywords in URL parameters
Network Indicators:
- Unusual database queries from web server IP
- Large data transfers from database
SIEM Query:
source="web_logs" AND (url="*adminac.php*" AND (param="*OR*" OR param="*UNION*" OR param="*SELECT*"))