CVE-2025-11582

7.3 HIGH

📋 TL;DR

CVE-2025-11582 is an SQL injection vulnerability in code-projects Online Job Search Engine 1.0 that allows remote attackers to execute arbitrary SQL commands via the txtusername parameter in registration.php. This affects all deployments of version 1.0, potentially compromising database confidentiality, integrity, and availability.

💻 Affected Systems

Products:
  • code-projects Online Job Search Engine
Versions: 1.0
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of version 1.0. The vulnerability exists in the default installation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data manipulation, authentication bypass, or full system takeover via subsequent attacks.

🟠 Likely Case

Unauthorized data extraction from the database, including user credentials, personal information, and application data.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries preventing successful exploitation.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and affects a web application component.
🏢 Internal Only: MEDIUM - Internal systems could still be vulnerable if accessible within the network, though attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details are available, making this easily exploitable by attackers with basic SQL injection knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://code-projects.org/

Restart Required: No

Instructions:

No official patch available. Consider implementing parameterized queries and input validation in registration.php.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict input validation and sanitization for the txtusername parameter in registration.php

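Edit registration.php to escape the value before it is used in the query: $username = mysqli_real_escape_string($conn, $_POST['txtusername']);

Escaping only protects a value that is placed inside a quoted string literal in the SQL statement, so treat it as a stopgap; parameterized queries remain the more robust fix.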
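The parameterized-query and input-validation approach recommended above could look like the following. This is an added example, not code from the project: the table `users`, its columns `username` and `password_hash`, the form field `txtpassword` and both function names are assumptions.

```php
<?php
// Added example, not the project's code. Assumed names: table `users`
// (columns `username`, `password_hash`) and form field `txtpassword`.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function validate_username($raw): ?string
{
    if (!is_string($raw)) { return null; } // rejects array-valued parameters
    $name = trim($raw);
    // Allow-list: 3-32 characters of letters, digits, dot, underscore, hyphen.
    return preg_match('/\A[A-Za-z0-9._-]{3,32}\z/', $name) === 1 ? $name : null;
}

function register_user(mysqli $conn, $rawUsername, string $password): string
{
    $username = validate_username($rawUsername);
    if ($username === null || $password === '') {
        return 'invalid_input';
    }
    // Placeholders send the value separately from the SQL text.
    $check = $conn->prepare('SELECT 1 FROM users WHERE username = ? LIMIT 1');
    $check->bind_param('s', $username);
    $check->execute();
    $check->store_result();
    $taken = $check->num_rows > 0;
    $check->close();
    if ($taken) {
        return 'username_taken';
    }
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $insert = $conn->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $insert->bind_param('ss', $username, $hash);
    $insert->execute();
    $insert->close();
    return 'ok';
}

// Call site for registration.php; $conn is the application's mysqli connection.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($conn)) {
    try {
        $pw = $_POST['txtpassword'] ?? '';
        $result = register_user($conn, $_POST['txtusername'] ?? null, is_string($pw) ? $pw : '');
    } catch (mysqli_sql_exception $e) {
        error_log('registration.php DB error: ' . $e->getMessage());
        $result = 'error'; // keep SQL error text out of the response
    }
    echo htmlspecialchars($result, ENT_QUOTES, 'UTF-8');
}
```

A unique index on the username column is still needed to close the gap between the existence check and the insert.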

Web Application Firewall (WAF)

all

Deploy a WAF with SQL injection protection rules

🧯 If You Can't Patch

  • Implement network segmentation to isolate the vulnerable system from critical assets
  • Enable detailed logging and monitoring for SQL injection attempts on registration.php

🔍 How to Verify

Check if Vulnerable:

Test the registration.php endpoint with SQL injection payloads in the txtusername parameter

Check Version:

Check the application version in the source code or configuration files

Verify Fix Applied:

Attempt SQL injection after implementing fixes and verify no database errors or unexpected behavior occurs

📡 Detection & Monitoring

Log Indicators:

  • SQL syntax errors in application logs
  • Unusual database queries from registration.php
  • Multiple failed registration attempts with special characters

Network Indicators:

  • HTTP POST requests to registration.php containing SQL keywords in parameters
  • Unusual database response times

SIEM Query:

source="web_logs" AND uri="/registration.php" AND (payload CONTAINS "UNION" OR payload CONTAINS "SELECT" OR payload CONTAINS "OR 1=1")
