CVE-2025-11052

7.3 HIGH

📋 TL;DR

CVE-2025-11052 is a SQL injection vulnerability in kidaze CourseSelectionSystem 1.0 that allows remote attackers to execute arbitrary SQL commands via the csslc parameter in /Profilers/PriProfile/COUNT3s5.php. This affects all users running the vulnerable version of the software, potentially leading to data theft, modification, or deletion.

💻 Affected Systems

Products:
  • kidaze CourseSelectionSystem
Versions: 1.0
Operating Systems: All platforms running the vulnerable software
Default Config Vulnerable: ⚠️ Yes
Notes: The flaw is in the file /Profilers/PriProfile/COUNT3s5.php and is reached through the csslc request parameter. Any deployment of version 1.0 is affected regardless of configuration.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the application database, including exfiltration, modification or deletion of data; if the application's database account holds file-write or administrative privileges, this can extend to the underlying host.

🟠

Likely Case

Unauthorized access to sensitive student/course data, grade manipulation, or system disruption through database corruption.

🟢

If Mitigated

Limited impact with proper input validation and database permission restrictions in place.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication, making internet-facing instances particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but require network access, reducing exposure compared to internet-facing deployments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit has been publicly released and requires minimal technical skill to execute. Attack vectors are straightforward SQL injection techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. Until the vendor ships one, rewrite the affected query in COUNT3s5.php to use prepared statements with bound parameters (e.g. PDO or mysqli prepare/bind in PHP) so that csslc is never concatenated into the SQL text. Input validation and WAF rules are secondary defenses, not a substitute for parameterization.

🔧 Temporary Workarounds

Input Validation and Sanitization (Platforms: all)

Add server-side validation in COUNT3s5.php that accepts only the expected form of csslc (whatever the application expects, for example a numeric ID or a known set of course codes) and rejects everything else before the query runs. Whitelisting the accepted format is far more robust than blacklisting "malicious SQL characters", which attackers routinely bypass with encoding, comments and alternative syntax.
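The difference between the two remedies above (parameterized queries in the fix instructions, whitelist validation as a workaround) is easiest to see side by side. The following is an added example, not code from CourseSelectionSystem: the real application is PHP, and this Python model with an in-memory sqlite3 database only reproduces the pattern. The table, column and the course-code format for csslc are assumed for illustration; the real schema is not described on this page.

```python
"""Added example (not CourseSelectionSystem code): string concatenation vs.
bound parameters, plus a whitelist validator for the csslc stopgap.
The schema and the csslc format are assumptions for illustration."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed stand-in for the course-selection data that COUNT3s5.php counts.
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE selections (id INTEGER PRIMARY KEY, csslc TEXT, student TEXT);
        INSERT INTO selections VALUES (1, 'CS101', 'alice');
        INSERT INTO selections VALUES (2, 'CS101', 'bob');
        INSERT INTO selections VALUES (3, 'MA201', 'carol');
        """
    )
    return conn


def count_vulnerable(conn: sqlite3.Connection, csslc: str) -> int:
    # Same flaw class as the advisory: the request value is spliced into the SQL
    # text, so a quote in csslc terminates the literal and the rest is parsed as SQL.
    sql = f"SELECT COUNT(*) FROM selections WHERE csslc = '{csslc}'"
    return conn.execute(sql).fetchone()[0]


def count_fixed(conn: sqlite3.Connection, csslc: str) -> int:
    # Bound parameter: the driver ships the value separately from the statement,
    # so quotes and keywords inside it can never change the query's structure.
    sql = "SELECT COUNT(*) FROM selections WHERE csslc = ?"
    return conn.execute(sql, (csslc,)).fetchone()[0]


# Assumed course-code format (two letters, three digits) for the whitelist stopgap.
CSSLC_RE = re.compile(r"^[A-Z]{2}\d{3}$")


def validate_csslc(value: str) -> str:
    """Whitelist check for the Temporary Workaround: accept only the expected form."""
    if not CSSLC_RE.fullmatch(value):
        raise ValueError("csslc rejected")
    return value


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print(count_vulnerable(db, "CS101"), count_vulnerable(db, payload))  # 2 3
    print(count_fixed(db, "CS101"), count_fixed(db, payload))            # 2 0
```

The concatenated query returns every row for the tautology payload (3 instead of 2) while the bound query treats the payload as a literal course code that matches nothing. The PHP equivalent is a PDO or mysqli prepared statement with the csslc value bound as a parameter; the whitelist validator is worth keeping in front of it as defense in depth.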

Web Application Firewall (WAF) Rules (Platforms: all)

Deploy WAF rules that inspect requests to /Profilers/PriProfile/COUNT3s5.php and block SQL injection patterns in the csslc parameter.

Match on the URL-decoded value of csslc (keywords such as SELECT or UNION, comment markers, quotes and statement separators); a rule that only looks at the raw query string misses percent-encoded payloads. Keyword blocking stops scanners and public PoC traffic but is bypassable and can produce false positives on legitimate input, so treat it as a stopgap rather than a fix.

🧯 If You Can't Patch

  • Isolate the vulnerable system from internet access and restrict internal network access
  • Implement database-level controls: use least-privilege database accounts and enable audit logging

🔍 How to Verify

Check if Vulnerable:

Request /Profilers/PriProfile/COUNT3s5.php with a benign csslc value, then with a pair of payloads that differ only in an always-true versus always-false SQL condition. A response that matches the baseline for the true case but differs for the false case (in content, status or timing), or a database error message, shows that csslc still reaches the query unescaped.

Check Version:

Check the software version in the application interface or configuration files; look for 'CourseSelectionSystem 1.0'

Verify Fix Applied:

After implementing mitigations, test with the same SQL injection payloads to confirm they are blocked or properly handled
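The check-then-recheck procedure above can be scripted so that the same test runs before and after the mitigation. This is an added example, not tooling from the page or the vendor: `looks_injectable` takes any `fetch` callable (a real HTTP client or, as here, a constructed mock) and applies a generic boolean-differential test. The payload pairs are generic numeric and single-quoted forms; the actual SQL context of csslc inside COUNT3s5.php is not documented on this page, and the mock servers only simulate the two outcomes.

```python
"""Added example (not from the page or vendor): boolean-differential check for
the csslc parameter.  `fetch(url) -> str` is injected so the check runs offline
against the constructed mocks below; the payloads are generic, since the real
SQL context of csslc in COUNT3s5.php is unknown."""
from urllib.parse import parse_qs, quote, urlparse

ENDPOINT = "/Profilers/PriProfile/COUNT3s5.php"

# Each pair differs only in a condition that is always true vs. always false,
# once for a numeric context and once for a single-quoted string context.
PAYLOAD_PAIRS = [
    ("{v} AND 1=1", "{v} AND 1=2"),
    ("{v}' AND '1'='1", "{v}' AND '1'='2"),
]


def build_url(base: str, value: str) -> str:
    return f"{base}{ENDPOINT}?csslc={quote(value, safe='')}"


def looks_injectable(fetch, base: str, benign: str) -> bool:
    """True when the true-condition response equals the benign baseline but the
    false-condition response differs: the parameter is influencing the query."""
    baseline = fetch(build_url(base, benign))
    for true_t, false_t in PAYLOAD_PAIRS:
        r_true = fetch(build_url(base, true_t.format(v=benign)))
        r_false = fetch(build_url(base, false_t.format(v=benign)))
        if r_true == baseline and r_false != baseline:
            return True
    return False


# --- constructed mock servers so the check runs offline ----------------------
def _csslc(url: str) -> str:
    # parse_qs percent-decodes, just as the web server would before PHP sees it
    return parse_qs(urlparse(url).query).get("csslc", [""])[0]


def mock_vulnerable(url: str) -> str:
    # Crude stand-in for a concatenated WHERE clause: a false condition hides rows.
    v = _csslc(url)
    if "1=2" in v or "'1'='2" in v:
        return "count=0"
    return "count=2"


def mock_fixed(url: str) -> str:
    # Stand-in for a bound parameter: only an exact literal match counts.
    v = _csslc(url)
    return "count=2" if v == "CS101" else "count=0"


if __name__ == "__main__":
    print(looks_injectable(mock_vulnerable, "http://target", "CS101"))  # True
    print(looks_injectable(mock_fixed, "http://target", "CS101"))       # False
```

Against a live instance, replace the mock with a function that performs the GET and returns the body (strip timestamps or CSRF tokens first, or the baseline comparison will never match). The fixed mock returns the same "no rows" answer for every payload, which is exactly the "blocked or properly handled" outcome the verification step asks for.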

📡 Detection & Monitoring

Log Indicators:

  • Unusual database queries from web application logs
  • SQL syntax errors in application logs
  • Multiple failed parameter validation attempts

Network Indicators:

  • HTTP requests to /Profilers/PriProfile/COUNT3s5.php with SQL keywords in parameters
  • Unusual database connection patterns from web servers

SIEM Query:

source="web_logs" AND uri="/Profilers/PriProfile/COUNT3s5.php" AND (param="csslc" AND value MATCHES "(?i)(SELECT|UNION|INSERT|DELETE|DROP|--|;)")
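The SIEM query above is pseudo-syntax; the same rule applied to web-server access logs looks like the following. This is an added example, not part of the page: it parses combined-format log lines, extracts the csslc value for requests to the vulnerable path, URL-decodes it (a raw-string match would miss the percent-encoded payloads scanners send) and applies the page's keyword regex. The log lines are constructed for illustration; the IP addresses are documentation ranges.

```python
"""Added example (not from the page): the advisory's SIEM pattern run over
constructed access-log lines, matching on the URL-decoded csslc value."""
import re
from urllib.parse import parse_qs, urlparse

TARGET_PATH = "/Profilers/PriProfile/COUNT3s5.php"
# Same keyword set as the SIEM query on this page.
SQLI_RE = re.compile(r"(?i)(SELECT|UNION|INSERT|DELETE|DROP|--|;)")
# Combined log format: ip ident user [time] "METHOD uri PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample: one benign request, two encoded injection attempts,
# one unrelated request that contains a keyword but hits a different path.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Oct/2025:10:00:01 +0000] "GET /Profilers/PriProfile/COUNT3s5.php?csslc=CS101 HTTP/1.1" 200 512
203.0.113.9 - - [01/Oct/2025:10:00:05 +0000] "GET /Profilers/PriProfile/COUNT3s5.php?csslc=1%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 744
203.0.113.9 - - [01/Oct/2025:10:00:06 +0000] "GET /Profilers/PriProfile/COUNT3s5.php?csslc=1%27%20aNd%20sLeEp(5)%3B-- HTTP/1.1" 500 0
203.0.113.5 - - [01/Oct/2025:10:00:09 +0000] "GET /index.php?q=select HTTP/1.1" 200 1024
"""


def csslc_values(uri: str) -> list:
    """Decoded csslc values from a request URI, only for the vulnerable path."""
    parts = urlparse(uri)
    if parts.path != TARGET_PATH:
        return []
    # parse_qs percent-decodes, so %27 becomes ' and %3B becomes ; before matching
    return parse_qs(parts.query, keep_blank_values=True).get("csslc", [])


def scan(log_text: str) -> list:
    """Return (client_ip, decoded_csslc) for every line the SIEM rule would flag."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for value in csslc_values(m["uri"]):
            if SQLI_RE.search(value):
                hits.append((m["ip"], value))
    return hits


if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}  csslc={value!r}")
```

The mixed-case time-based payload on the third line carries no SELECT or UNION and is caught only by the `;` and `--` alternatives, which is why those belong in the pattern; a payload using only boolean operators (AND/OR) would slip past this keyword list entirely, so also alert on repeated requests to the endpoint from one client and on the 5xx responses a broken query produces.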
