CVE-2025-11390

4.3 MEDIUM

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into the PHPGurukul Cyber Cafe Management System 1.0 through the search.php file. When exploited, it enables cross-site scripting attacks that can steal user sessions, redirect users, or deface websites. Any organization using this specific version of the software is affected.

💻 Affected Systems

Products:
  • PHPGurukul Cyber Cafe Management System
Versions: 1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation and requires no special configuration to be exploitable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, take full control of the system, access sensitive customer data, and use the compromised system as a foothold for further attacks.

🟠 Likely Case

Attackers will inject malicious scripts to steal user session cookies, redirect users to phishing sites, or deface the cyber cafe management interface.

🟢 If Mitigated

With proper input validation and output encoding, the impact is limited to failed exploitation attempts with no data compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit is publicly available and requires minimal technical skill to execute. Attackers can exploit this remotely without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://phpgurukul.com/

Restart Required: No

Instructions:

No official patch is available. Consider implementing workarounds or replacing the software.

🔧 Temporary Workarounds

Input Validation and Sanitization

Platform: all

Add proper input validation and output encoding to the search.php file to prevent XSS payloads from executing.

Edit search.php and apply htmlspecialchars() or htmlentities() to the searchdata parameter before it is output.

Web Application Firewall (WAF)

Platform: all

Deploy a WAF with XSS protection rules to block malicious payloads before they reach the application.

🧯 If You Can't Patch

  • Isolate the system from the internet and restrict access to authorized users only
  • Implement Content Security Policy (CSP) headers to mitigate XSS impact

🔍 How to Verify

Check if Vulnerable:

Test by injecting a simple XSS payload like <script>alert('test')</script> into the search parameter and check whether it executes.

Check Version:

Check the software version in the admin panel or readme files.

Verify Fix Applied:

After implementing fixes, test with the same XSS payloads to ensure they are properly sanitized and don't execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to search.php with script tags or JavaScript code in parameters
  • Multiple failed login attempts following suspicious search queries

Network Indicators:

  • HTTP requests containing <script> tags or JavaScript functions in searchdata parameter
  • Unusual outbound connections from the server after search operations

SIEM Query:

source="web_logs" AND uri="/search.php" AND (searchdata="*<script>*" OR searchdata="*javascript:*")
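
A literal match like the query above can miss values that the log source stores URL-encoded or in a different letter case. The following added example (not part of the original advisory or of the vendor's code) decodes the searchdata parameter before matching the same two indicators. The log line layout (timestamp, client IP, method, URI, URL-encoded parameters), the sample records and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Same two indicators as the SIEM query: <script> tags and javascript: URIs.
INDICATORS = re.compile(r"<\s*script\b|javascript\s*:", re.IGNORECASE)

# Constructed sample records (assumed layout: ts, client, method, uri, params).
SAMPLE_LOG = [
    "2025-10-07T10:15:02Z 198.51.100.7 POST /search.php searchdata=john+smith",
    "2025-10-07T10:16:40Z 203.0.113.10 POST /search.php "
    "searchdata=%3Cscript%3Ealert%28%27test%27%29%3C%2Fscript%3E",
    "2025-10-07T10:17:05Z 203.0.113.10 POST /search.php "
    "searchdata=%253CSCRIPT%253Ealert%2528%2527test%2527%2529%253C%252FSCRIPT%253E",
    "2025-10-07T10:18:11Z 198.51.100.7 POST /index.php searchdata=%3Cscript%3E",
]


def normalize(value: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly so double-encoded input is compared in clear form."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_searches(lines):
    """Return (client_ip, decoded searchdata) for flagged requests to search.php."""
    hits = []
    for line in lines:
        parts = line.split(" ", 4)
        if len(parts) != 5:
            continue  # skip malformed or parameterless records
        _ts, client, _method, uri, params = parts
        if not uri.split("?", 1)[0].endswith("/search.php"):
            continue  # only the affected endpoint is of interest
        # parse_qs decodes once; normalize() handles further encoding layers.
        for raw in parse_qs(params, keep_blank_values=True).get("searchdata", []):
            value = normalize(raw)
            if INDICATORS.search(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_searches(SAMPLE_LOG):
        print(f"ALERT client={client} searchdata={value!r}")
```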
