SQL Injection Vulnerability in ScriptAndTools Real-Estate Website by ScriptAndTools
CVE-2025-5128

6.9 MEDIUM

Key Information:

Vendor
CVE Published:
24 May 2025

Badges

📈 Score: 787 | 👾 Exploit Exists | 🟡 Public PoC | 📰 News Worthy

What is CVE-2025-5128?

CVE-2025-5128 is a critical SQL injection vulnerability located within the Admin Login Panel of the ScriptAndTools Real-Estate Website software version 1.0. This product, developed by ScriptAndTools, serves as a framework for real estate management applications built in PHP. The vulnerability arises from improper handling of user input, specifically the "Password" argument, allowing attackers to manipulate SQL queries sent to the database. As a consequence, an attacker can execute arbitrary SQL commands remotely, potentially leading to unauthorized data access, modification, or deletion. Given the function of the software in managing sensitive real estate data, the presence of this vulnerability poses a serious risk to organizations relying on it, as it could compromise private information and disrupt services.
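A hardened form of the kind of admin login check described above, as an added example that is not ScriptAndTools code. The table name `admin`, the columns `username` and `password_hash`, and the function name `admin_login` are assumptions for illustration, and the demo data is constructed; it needs the `pdo_sqlite` extension.

```php
<?php
declare(strict_types=1);

// Added example, not the vendor's code. Table `admin` and columns
// `username` / `password_hash` are assumed names.

// Vulnerable pattern, shown only for contrast: the password field is
// concatenated into the SQL text, so its content is parsed as SQL.
//   $sql = "SELECT * FROM admin WHERE username='$user' AND password='$pass'";

function admin_login(PDO $db, string $user, string $pass): bool
{
    // The placeholder keeps user input out of the SQL text entirely;
    // the driver sends it as a bound value.
    $stmt = $db->prepare('SELECT password_hash FROM admin WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();   // false when no such user exists

    // The password never reaches the database. It is checked in PHP
    // against a stored hash, so it cannot alter any query.
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO admin (username, password_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse battery', PASSWORD_DEFAULT)]);

// Valid credentials.
var_dump(admin_login($db, 'admin', 'correct horse battery'));
// A password containing a quote character is handled as plain data.
var_dump(admin_login($db, 'admin', "wrong' password"));
// Unknown user.
var_dump(admin_login($db, 'nobody', 'correct horse battery'));
```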

Potential impact of CVE-2025-5128

  1. Data Breach: The SQL injection vulnerability enables attackers to access sensitive data stored in the database, including personal and financial information of clients and properties. This could lead to significant data breaches, exposing organizations to legal liabilities and reputational damage.

  2. Remote Exploitation: The ability to exploit this vulnerability remotely means that attackers do not need physical access to the organization's network. This drastically increases the likelihood of an attack, as malicious actors can conduct operations from anywhere in the world.

  3. Service Disruption: By executing unauthorized SQL queries, attackers can manipulate the database in ways that may disrupt normal operations of the software. This can result in downtime, loss of service continuity, and ultimately impact customer trust in the organization’s capabilities.

Affected Version(s)

Real-Estate-website-in-PHP 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

CVE-2025-5128 : A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the

References

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 📰 First article discovered by CVE Details

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

MaloyRoyOrko (VulDB User)