SQL Injection Vulnerability in Projectworlds Responsive E-Learning System
CVE-2025-5213

6.9MEDIUM

Key Information:

Vendor

Projectworlds

Status
Responsive E-learning System
Vendor
CVE Published:
27 May 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-5213?

A SQL injection vulnerability exists in the Projectworlds Responsive E-Learning System, specifically targeting the /admin/delete_file.php script. By manipulating the ID parameter, an attacker can execute malicious SQL queries, potentially compromising the database. This vulnerability can be exploited remotely, allowing unauthorized users to manipulate data and escalate their access within the system. Immediate attention is advised to mitigate any risks associated with this vulnerability.

Affected Version(s)

Responsive E-Learning System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-5213 - Proof of Concept

References

https://vuldb.com/?id.310309
vdb-entrytechnical-description
https://vuldb.com/?ctiid.310309
signaturepermissions-required
https://vuldb.com/?submit.582909
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

.
CVE-2025-5213 : SQL Injection Vulnerability in Projectworlds Responsive E-Learning System