CVE-2025-8471

HIGH

projectworlds Online Admission System 1.0 - SQL Injection via /adminlogin.php a_id Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-8471. PoCs published by Byte Reaper, byteReaper77.

AI-analyzed exploit summary This exploit demonstrates SQL injection in projectworlds Online Admission System 1.0 by injecting various payloads into the 'a_id' parameter of adminlogin.php. It uses cURL to send requests and checks for SQL errors in responses.

Description

A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0. This issue affects some unknown processing of the file /adminlogin.php. The manipulation of the argument a_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (2)

exploitdb WORKING POC

by Byte Reaper · cwebappsmultiple

https://www.exploit-db.com/exploits/52398

View Code ZIP pw:eip

This exploit demonstrates SQL injection in projectworlds Online Admission System 1.0 by injecting various payloads into the 'a_id' parameter of adminlogin.php. It uses cURL to send requests and checks for SQL errors in responses.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: projectworlds Online Admission System 1.0

No auth needed

Prerequisites: Access to the target URL · cURL library

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 2 stars

by byteReaper77 · poc

https://github.com/byteReaper77/CVE-2025-8471

View Code ZIP pw:eip

This repository contains a functional C-based exploit for CVE-2025-8471, a SQL injection vulnerability in 'projectworlds Online Admission System v1.0'. The exploit sends crafted GET requests to the 'adminlogin.php?a_id=' endpoint with various SQLi payloads (two-stage and deep injection) and analyzes response lengths to detect the vulnerability.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: projectworlds Online Admission System v1.0

No auth needed

Prerequisites: Target URL · libcurl development headers · argparse.h and argparse.c

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.318521

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.318521

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.626115

Exploit, Issue Tracking, Third Party Advisory exploit issue-tracking

https://github.com/tqlfront/CVE/issues/1

Scores

CVSS v3 7.3

EPSS 0.0018

EPSS Percentile 39.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

projectworlds/online_admission_system 1.0

Published Aug 02, 2025

Tracked Since Feb 18, 2026