CVE-2025-11605
BaseFortify
Publication date: 2025-10-11
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fabian | client_details_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11605 is a SQL injection vulnerability in the Client Details System 1.0, specifically in the /admin/update-profile.php file. The vulnerability occurs because the application directly inserts the unsanitized 'uid' parameter from a GET request into an SQL UPDATE query without validation or using parameterized queries. This allows an authenticated attacker to inject arbitrary SQL commands, potentially manipulating or exfiltrating data, causing denial of service, or even achieving full system compromise depending on the database configuration. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized data manipulation (such as updating all user profiles), complete data exfiltration through SQL injection techniques, denial of service by executing destructive queries like DROP TABLE, and potentially full system compromise via remote code execution depending on the database server setup. Exploitation requires authentication but can be executed remotely. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the 'uid' parameter in the /admin/update-profile.php URL for SQL injection using tools like sqlmap. Example commands include using sqlmap with techniques BEUST and tamper scripts such as space2comment, between, and randomcase to test for SQL injection. Proof-of-concept payloads include boolean-based blind SQL injection (e.g., uid=1' OR NOT 3664=3664 AND 'wMtd'='wMtd) and time-based blind SQL injection (e.g., uid=1' AND (SELECT 4745 FROM (SELECT(SLEEP(5)))ytgU) AND 'ZNhO'='ZNhO'). These tests require authentication as the vulnerability is in the admin panel. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Use parameterized queries (prepared statements) to avoid direct SQL concatenation of user inputs. 2) Implement strict input validation and type casting, such as casting 'uid' to an integer and validating input ranges, using format validation functions like filter_var(), and applying whitelist validation for fixed options. 3) Enforce least privilege on the database user account by restricting permissions to only necessary operations (SELECT, INSERT, UPDATE) and disallowing administrative privileges like DROP, ALTER, or FILE. These steps reduce the risk of SQL injection exploitation and limit potential damage. [1]