Vulnerabilities in Jasmin Ransomware

CVE-2025-6095 and CVE-2025-6096 are critical SQL injection vulnerabilities discovered in the Jasmin Ransomware version 1.0.1 developed by codesiddhant. Both vulnerabilities allow remote attackers to manipulate input parameters leading to SQL injection attacks, with publicly disclosed exploits available and no vendor response to date.

CVE-2025-6095: SQL Injection in /checklogin.php

Affected Component: An unknown function in the file /checklogin.php.
Vulnerability: Manipulation of the username and password parameters leads to SQL injection.
Impact: Attackers can bypass authentication or execute arbitrary SQL commands remotely without any privileges or user interaction.
Severity: Rated as critical with a CVSS 3.1 base score of 7.3 (High).
Exploit Details: The SQL injection allows attackers to bypass login authentication by injecting SQL payloads such as ' or '1'='1 in the username or password fields, effectively granting unauthorized access to the admin panel.
Public Disclosure: Exploit details and proof-of-concept payloads have been publicly released, enabling attackers to exploit this vulnerability easily.
Vendor Response: The vendor was contacted early but has not responded or issued a patch.
Example Scenario: An attacker sends a specially crafted request to the login page with the username parameter set to ' or '1'='1 and the password parameter similarly manipulated. This input tricks the backend SQL query into always returning true, granting access without valid credentials.

CVE-2025-6096: SQL Injection in /dashboard.php

Affected Component: An unknown functionality in the file /dashboard.php.
Vulnerability: Manipulation of the Search parameter leads to SQL injection.
Impact: Remote attackers can inject malicious SQL commands via the search input, potentially extracting sensitive data or modifying the database.
Severity: Rated as critical but with a CVSS 3.1 base score of 6.3 (Medium).
Exploit Details: The vulnerability allows attackers to craft SQL injection payloads through the search functionality, which is executed without proper sanitization.
Public Disclosure: Exploits have been disclosed publicly.
Vendor Response: No response or patch from the vendor.

Authenticated Arbitrary File Download: Due to the SQL injection in login, attackers can bypass authentication and exploit other vulnerabilities such as arbitrary file download via /Web Panel/download_file.php by manipulating the file parameter. This can lead to disclosure of sensitive files like database connection configurations.
SQL Injection Login Bypass: Multiple payloads like ' or '1'='1 can bypass login authentication, enabling full access to the admin panel.

Practical Example of Exploitation

Login Bypass via SQL Injection (CVE-2025-6095):

Access the login page at /login.php.
Enter ' or '1'='1 in both username and password fields.
Submit the form.
Gain unauthorized admin access due to the SQL query always evaluating to true.

Data Extraction via Search Injection (CVE-2025-6096):

Access the dashboard page /dashboard.php.
Inject SQL payload in the Search parameter, e.g., ' UNION SELECT user(), database(), version() --.
Extract database information or other sensitive data.

Arbitrary File Download Post-Authentication Bypass:

After bypassing login, access /Web Panel/download_file.php?file=database/db_conection.php.
Download sensitive configuration files containing database credentials.

Mitigation and Recommendations

Immediate Actions:

Restrict public access to the affected endpoints until patches are available.
Implement Web Application Firewall (WAF) rules to detect and block SQL injection patterns.
Monitor logs for suspicious input patterns targeting username, password, and Search parameters.

Long-term Fixes:

Sanitize and parameterize all SQL queries to prevent injection.
Employ prepared statements or ORM frameworks that separate data from code.
Conduct a full security audit of the Jasmin Ransomware codebase, especially input handling in /checklogin.php and /dashboard.php.
Engage with the vendor or consider migrating to more secure alternatives.

Conclusion

The CVE-2025-6095 and CVE-2025-6096 vulnerabilities in Jasmin Ransomware 1.0.1 represent critical security risks, enabling remote attackers to perform SQL injection attacks that can lead to full system compromise. With public exploits available and no vendor response, users of this ransomware software should urgently apply mitigations, restrict access, and consider alternative secure solutions.

This detailed overview highlights the nature, impact, and exploitation scenarios of the critical SQL injection vulnerabilities CVE-2025-6095 and CVE-2025-6096 in Jasmin Ransomware, providing actionable insights for security professionals and developers.

Don't forget to follow our Cyberhat.online site for similar security vulnerabilities.

https://nvd.nist.gov/

Trending

The Silent Threat in Systems: Two New Vulnerabilities in Tenable Network Monitor

Server-Side Request Forgery (SSRF) Vulnerability in SmartRobot by INTUMIT

Remote Code Execution in EV Charging Stations

Prisma Access Browser Security Update: Take Action to Address Critical Vulnerabilities

Critical CSRF Vulnerability in Siemens SIMATIC S7-1200 PLCs: Exploitation and Defense

Global Cyber Skills Benchmark CTF 2025: Operation Blackout

Critical Security Vulnerabilities in Dell ControlVault3 Firmware

Vulnerabilities in Jasmin Ransomware

Vulnerabilities in Jasmin Ransomware

CVE-2025-6095: SQL Injection in /checklogin.php

CVE-2025-6096: SQL Injection in /dashboard.php

Practical Example of Exploitation

Mitigation and Recommendations

Conclusion

Post a Comment

İletişim Formu

Vulnerabilities in Jasmin Ransomware

Vulnerabilities in Jasmin Ransomware

CVE-2025-6095: SQL Injection in /checklogin.php

CVE-2025-6096: SQL Injection in /dashboard.php

Additional Related Vulnerabilities in Jasmin Ransomware

Practical Example of Exploitation

Mitigation and Recommendations

Conclusion

Post a Comment

İletişim Formu