CVE-2025-9663
BaseFortify
Publication date: 2025-08-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fabian | simple_grading_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9663 is an SQL Injection vulnerability in the Simple Grading System version 1.0, specifically in the admin panel's edit_account.php file. The vulnerability occurs due to improper handling of the 'ID' argument, allowing an attacker to inject malicious SQL code remotely. This can lead to unauthorized manipulation of the database through the admin panel. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by compromising the confidentiality, integrity, and availability of the system. An attacker can remotely exploit the SQL Injection flaw to manipulate database contents, potentially leading to unauthorized data access, data modification, or disruption of system operations. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability can be detected by identifying the presence of the vulnerable endpoint /edit_account.php in the Simple Grading System 1.0 admin panel. One method is to use Google hacking techniques such as searching for "inurl:edit_account.php" to find potentially vulnerable targets. Additionally, monitoring network traffic for requests to /edit_account.php with suspicious or manipulated ID parameters could indicate exploitation attempts. Specific commands to detect the vulnerability include using curl or wget to send crafted requests to the endpoint and observe responses for SQL error messages or unexpected behavior. For example: curl -v "http://targetsite.com/edit_account.php?ID=1' OR '1'='1". However, no automated detection tools or signatures are explicitly provided. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Simple Grading System 1.0 software with an alternative product, as no known countermeasures or patches currently exist. Restricting access to the /edit_account.php endpoint by limiting admin panel access to trusted IP addresses or networks can reduce exposure. Additionally, implementing web application firewall (WAF) rules to detect and block SQL injection attempts targeting the ID parameter may help mitigate exploitation risks until a fix or update is available. [2]