CVE-2025-11475
BaseFortify
Publication date: 2025-10-08
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| projectworlds | advanced_library_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11475 is a critical SQL injection vulnerability in the Advanced Library Management System version 1.0, specifically in the /view_member.php file. The vulnerability occurs because the user_id parameter is improperly handled and directly concatenated into SQL queries without proper sanitization or parameterization. This allows remote, unauthenticated attackers to inject malicious SQL code, enabling them to perform boolean-based, time-based, and UNION-based SQL injection attacks. Exploiting this flaw can lead to unauthorized access to database contents, data modification, or deletion. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can have severe impacts, including unauthorized enumeration and exfiltration of sensitive database information such as user records, credentials, and personally identifiable information (PII). If the database user has write permissions, attackers can modify or delete data and potentially bypass authentication or take over accounts. Combined with other vulnerabilities, it may also allow attackers to pivot to full system compromise. The attack can be launched remotely without authentication, making exploitation straightforward and dangerous. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious characters such as single quotes ('), double dashes (--), UNION statements, and SLEEP() functions in the user_id parameter of HTTP GET requests to /view_member.php. Time delays in responses and SQL errors in logs are also indicators. Automated tools like sqlmap can be used to confirm the vulnerability by sending payloads that trigger conditional responses, time delays, or UNION-based data extraction. Additionally, Google Dorking with queries like "inurl:view_member.php" can help identify vulnerable targets. Monitoring and alerting on unusual database query patterns and suspicious requests is recommended. [2, 3]
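As an added example (not part of the BaseFortify record or of the vendor's code), the log-based detection described above run over a constructed access-log sample: it URL-decodes the user_id value of every request to /view_member.php, flags any value that is not a plain integer (the parameter the record says should be cast to an integer), and records the SQL syntax named above plus a 5xx response as corroboration. The log lines and client addresses are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log sample (combined log format); not traffic from any real system.
SAMPLE_LOG = """\
203.0.113.7 - - [08/Oct/2025:10:00:01 +0000] "GET /view_member.php?user_id=42 HTTP/1.1" 200 1532
203.0.113.7 - - [08/Oct/2025:10:00:05 +0000] "GET /view_member.php?user_id=42%27%20AND%20SLEEP(5)--%20- HTTP/1.1" 200 1532
203.0.113.9 - - [08/Oct/2025:10:00:09 +0000] "GET /view_member.php?user_id=-1%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 2210
203.0.113.9 - - [08/Oct/2025:10:00:12 +0000] "GET /index.php?page=members HTTP/1.1" 200 800
203.0.113.11 - - [08/Oct/2025:10:00:15 +0000] "GET /view_member.php?user_id=42a HTTP/1.1" 500 312
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Syntax the record names as indicators: quotes, comment markers, UNION and SLEEP().
SQL_SYNTAX_RE = re.compile(r"""['"]|--|/\*|\bunion\b|\bsleep\s*\(""", re.IGNORECASE)


def analyse_line(line):
    """Return a finding dict for a suspicious /view_member.php request, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path != "/view_member.php":
        return None
    values = parse_qs(url.query, keep_blank_values=True).get("user_id")
    if not values:
        return None
    user_id = values[0]  # parse_qs percent-decodes, so %27 is inspected as a quote
    reasons = []
    # user_id is a numeric key in this application, so any value that is not a plain
    # integer is anomalous even when none of the classic SQL tokens is present.
    if not re.fullmatch(r"\d+", user_id):
        reasons.append("non-integer user_id")
    if SQL_SYNTAX_RE.search(user_id):
        reasons.append("sql syntax in user_id")
    status = int(m.group("status"))
    if reasons and status >= 500:
        reasons.append("server error %d" % status)  # corroborating, never sufficient alone
    if not reasons:
        return None
    return {"client": line.split()[0], "user_id": user_id, "status": status, "reasons": reasons}


def scan(log_text):
    """Apply analyse_line to every line and return the findings in log order."""
    return [f for f in map(analyse_line, log_text.splitlines()) if f]
```

Run `scan()` over a real access log to list the offending requests; the integer check alone catches encoded variants that a token list misses.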
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include deploying a Web Application Firewall (WAF) with rules to block typical SQL injection payloads targeting /view_member.php, implementing rate limiting on database-backed endpoints, restricting network access via IP allowlists, and reducing database user privileges to remove unnecessary permissions. Monitoring and alerting on suspicious requests and unusual database query patterns is also advised. For a permanent fix, validate all inputs by casting user_id to an integer, use parameterized queries or prepared statements, and perform a full code audit to remediate other injection points. [1, 3]