Vulnerabilites related to kidaze - CourseSelectionSystem
CVE-2025-10477 (GCVE-0-2025-10477)
Vulnerability from cvelistv5
Published
2025-09-15 20:32
Modified
2025-09-15 20:40
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/PriProfile/eligibility.php. Such manipulation of the argument Branch leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.323913 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.323913 | signature, permissions-required | |
| https://vuldb.com/?submit.648516 | third-party-advisory | |
| https://github.com/Miker132/CVE-/issues/6 | exploit, issue-tracking |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kidaze | CourseSelectionSystem |
Version: 42cd892b40a18d50bd4ed1905fa89f939173a464 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10477",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T20:40:29.192293Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T20:40:36.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CourseSelectionSystem",
"vendor": "kidaze",
"versions": [
{
"status": "affected",
"version": "42cd892b40a18d50bd4ed1905fa89f939173a464"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "M0ker (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/PriProfile/eligibility.php. Such manipulation of the argument Branch leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in kidaze CourseSelectionSystem bis 42cd892b40a18d50bd4ed1905fa89f939173a464 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /Profilers/PriProfile/eligibility.php. Durch das Beeinflussen des Arguments Branch mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden. Bei diesem Produkt handelt es sich um ein Rolling Release, das eine fortlaufende Bereitstellung erm\u00f6glicht. Aus diesem Grund stehen keine Versionsinformationen zu betroffenen oder aktualisierten Versionen zur Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T20:32:05.542Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323913 | kidaze CourseSelectionSystem eligibility.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323913"
},
{
"name": "VDB-323913 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323913"
},
{
"name": "Submit #648516 | github.com Course Selection System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.648516"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Miker132/CVE-/issues/6"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-15T15:59:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "kidaze CourseSelectionSystem eligibility.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10477",
"datePublished": "2025-09-15T20:32:05.542Z",
"dateReserved": "2025-09-15T13:54:12.843Z",
"dateUpdated": "2025-09-15T20:40:36.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10597 (GCVE-0-2025-10597)
Vulnerability from cvelistv5
Published
2025-09-17 15:32
Modified
2025-09-17 17:44
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/RC:R
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/RC:R
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/RC:R
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This vulnerability affects unknown code of the file /Profilers/PriProfile/COUNT2.php. This manipulation of the argument cname causes sql injection. The attack may be initiated remotely. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.324614 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.324614 | signature, permissions-required | |
| https://vuldb.com/?submit.649316 | third-party-advisory | |
| https://github.com/shang-hh/shang/blob/main/sql.txt | related |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kidaze | CourseSelectionSystem |
Version: 42cd892b40a18d50bd4ed1905fa89f939173a464 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10597",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T17:44:14.152555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T17:44:17.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/shang-hh/shang/blob/main/sql.txt"
},
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.649316"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CourseSelectionSystem",
"vendor": "kidaze",
"versions": [
{
"status": "affected",
"version": "42cd892b40a18d50bd4ed1905fa89f939173a464"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This vulnerability affects unknown code of the file /Profilers/PriProfile/COUNT2.php. This manipulation of the argument cname causes sql injection. The attack may be initiated remotely. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available."
},
{
"lang": "de",
"value": "In kidaze CourseSelectionSystem bis 42cd892b40a18d50bd4ed1905fa89f939173a464 wurde eine Schwachstelle gefunden. Dies betrifft einen unbekannten Teil der Datei /Profilers/PriProfile/COUNT2.php. Durch Beeinflussen des Arguments cname mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Dieses Produkt verwendet ein Rolling-Release-Modell, um eine kontinuierliche Auslieferung zu gew\u00e4hrleisten. Daher sind keine Versionsdetails f\u00fcr betroffene oder aktualisierte Releases verf\u00fcgbar."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T15:32:05.161Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-324614 | kidaze CourseSelectionSystem COUNT2.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.324614"
},
{
"name": "VDB-324614 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.324614"
},
{
"name": "Submit #649316 | github.com Course Selection System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.649316"
},
{
"tags": [
"related"
],
"url": "https://github.com/shang-hh/shang/blob/main/sql.txt"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-17T08:29:10.000Z",
"value": "VulDB entry last update"
}
],
"title": "kidaze CourseSelectionSystem COUNT2.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10597",
"datePublished": "2025-09-17T15:32:05.161Z",
"dateReserved": "2025-09-17T06:24:01.055Z",
"dateUpdated": "2025-09-17T17:44:17.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11033 (GCVE-0-2025-11033)
Vulnerability from cvelistv5
Published
2025-09-26 18:02
Modified
2025-09-26 18:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Impacted is an unknown function of the file /Profilers/PriProfile/COUNT3s7.php. The manipulation of the argument cbe leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.325980 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.325980 | signature, permissions-required | |
| https://vuldb.com/?submit.657951 | third-party-advisory | |
| https://github.com/limingserverll-wq/cve/issues/4 | exploit, issue-tracking |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kidaze | CourseSelectionSystem |
Version: 42cd892b40a18d50bd4ed1905fa89f939173a464 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11033",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-26T18:32:26.601210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T18:32:47.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CourseSelectionSystem",
"vendor": "kidaze",
"versions": [
{
"status": "affected",
"version": "42cd892b40a18d50bd4ed1905fa89f939173a464"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LiMing0618 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Impacted is an unknown function of the file /Profilers/PriProfile/COUNT3s7.php. The manipulation of the argument cbe leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464 gefunden. Es betrifft eine unbekannte Funktion der Datei /Profilers/PriProfile/COUNT3s7.php. Durch Manipulation des Arguments cbe mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T18:02:05.749Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325980 | kidaze CourseSelectionSystem COUNT3s7.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.325980"
},
{
"name": "VDB-325980 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325980"
},
{
"name": "Submit #657951 | github.com Course Selection System v1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.657951"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/limingserverll-wq/cve/issues/4"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-26T10:49:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "kidaze CourseSelectionSystem COUNT3s7.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11033",
"datePublished": "2025-09-26T18:02:05.749Z",
"dateReserved": "2025-09-26T08:44:46.342Z",
"dateUpdated": "2025-09-26T18:32:47.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11052 (GCVE-0-2025-11052)
Vulnerability from cvelistv5
Published
2025-09-27 07:02
Modified
2025-09-29 19:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A security flaw has been discovered in kidaze CourseSelectionSystem 1.0/5.php. The impacted element is an unknown function of the file /Profilers/PriProfile/COUNT3s5.php. Performing manipulation of the argument csslc results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.326092 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.326092 | signature, permissions-required | |
| https://vuldb.com/?submit.659370 | third-party-advisory | |
| https://github.com/xxxmingyue/cve/issues/1 | exploit, issue-tracking |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kidaze | CourseSelectionSystem |
Version: 1.0 Version: 5.php |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11052",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T19:11:32.778808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T19:11:44.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CourseSelectionSystem",
"vendor": "kidaze",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "5.php"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "er1czz (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in kidaze CourseSelectionSystem 1.0/5.php. The impacted element is an unknown function of the file /Profilers/PriProfile/COUNT3s5.php. Performing manipulation of the argument csslc results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in kidaze CourseSelectionSystem 1.0/5.php gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /Profilers/PriProfile/COUNT3s5.php. Durch Manipulation des Arguments csslc mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-27T07:02:06.610Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-326092 | kidaze CourseSelectionSystem COUNT3s5.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.326092"
},
{
"name": "VDB-326092 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.326092"
},
{
"name": "Submit #659370 | GitHub CourseSelectionSystem V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.659370"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/xxxmingyue/cve/issues/1"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-26T11:48:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "kidaze CourseSelectionSystem COUNT3s5.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11052",
"datePublished": "2025-09-27T07:02:06.610Z",
"dateReserved": "2025-09-26T09:43:17.588Z",
"dateUpdated": "2025-09-29T19:11:44.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10665 (GCVE-0-2025-10665)
Vulnerability from cvelistv5
Published
2025-09-18 12:02
Modified
2025-09-18 13:20
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Affected is an unknown function of the file /Profilers/PProfile/COUNT3s3.php. The manipulation of the argument csem leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.324786 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.324786 | signature, permissions-required | |
| https://vuldb.com/?submit.651941 | third-party-advisory | |
| https://github.com/qi-wm/cve/issues/1 | exploit, issue-tracking |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kidaze | CourseSelectionSystem |
Version: 42cd892b40a18d50bd4ed1905fa89f939173a464 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10665",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-18T13:19:55.453332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T13:20:07.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CourseSelectionSystem",
"vendor": "kidaze",
"versions": [
{
"status": "affected",
"version": "42cd892b40a18d50bd4ed1905fa89f939173a464"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "qihao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Affected is an unknown function of the file /Profilers/PProfile/COUNT3s3.php. The manipulation of the argument csem leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided."
},
{
"lang": "de",
"value": "In kidaze CourseSelectionSystem bis 42cd892b40a18d50bd4ed1905fa89f939173a464 wurde eine Schwachstelle gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /Profilers/PProfile/COUNT3s3.php. Dank der Manipulation des Arguments csem mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T12:02:10.246Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-324786 | kidaze CourseSelectionSystem COUNT3s3.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.324786"
},
{
"name": "VDB-324786 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.324786"
},
{
"name": "Submit #651941 | github.com Course Selection System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.651941"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/qi-wm/cve/issues/1"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-18T07:29:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "kidaze CourseSelectionSystem COUNT3s3.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10665",
"datePublished": "2025-09-18T12:02:10.246Z",
"dateReserved": "2025-09-18T05:24:35.540Z",
"dateUpdated": "2025-09-18T13:20:07.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11032 (GCVE-0-2025-11032)
Vulnerability from cvelistv5
Published
2025-09-26 17:32
Modified
2025-09-26 17:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A flaw has been found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This issue affects some unknown processing of the file /Profilers/PriProfile/COUNT3s6.php. Executing manipulation of the argument CPU can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.325979 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.325979 | signature, permissions-required | |
| https://vuldb.com/?submit.657950 | third-party-advisory | |
| https://github.com/limingserverll-wq/cve/issues/3 | exploit, issue-tracking |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kidaze | CourseSelectionSystem |
Version: 42cd892b40a18d50bd4ed1905fa89f939173a464 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11032",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-26T17:49:44.222808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T17:49:58.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CourseSelectionSystem",
"vendor": "kidaze",
"versions": [
{
"status": "affected",
"version": "42cd892b40a18d50bd4ed1905fa89f939173a464"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LiMing0618 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This issue affects some unknown processing of the file /Profilers/PriProfile/COUNT3s6.php. Executing manipulation of the argument CPU can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed."
},
{
"lang": "de",
"value": "In kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464 ist eine Schwachstelle entdeckt worden. Betroffen davon ist eine unbekannte Funktion der Datei /Profilers/PriProfile/COUNT3s6.php. Durch die Manipulation des Arguments CPU mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden. F\u00fcr dieses Produkt wird ein Rolling-Release-Ansatz verwendet, wodurch eine st\u00e4ndige Bereitstellung erfolgt. Daher sind keine Versionsdetails zu betroffenen oder aktualisierten Versionen vorhanden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T17:32:05.839Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325979 | kidaze CourseSelectionSystem COUNT3s6.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.325979"
},
{
"name": "VDB-325979 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325979"
},
{
"name": "Submit #657950 | github.com Course Selection System v1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.657950"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/limingserverll-wq/cve/issues/3"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-26T10:49:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "kidaze CourseSelectionSystem COUNT3s6.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11032",
"datePublished": "2025-09-26T17:32:05.839Z",
"dateReserved": "2025-09-26T08:44:43.616Z",
"dateUpdated": "2025-09-26T17:49:58.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11089 (GCVE-0-2025-11089)
Vulnerability from cvelistv5
Published
2025-09-28 00:02
Modified
2025-09-29 14:51
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This impacts an unknown function of the file /Profilers/PriProfile/COUNT3s4.php. Executing manipulation of the argument cbranch can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.326171 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.326171 | signature, permissions-required | |
| https://vuldb.com/?submit.661282 | third-party-advisory | |
| https://github.com/evilthan9/cve/issues/2 | exploit, issue-tracking |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kidaze | CourseSelectionSystem |
Version: 42cd892b40a18d50bd4ed1905fa89f939173a464 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11089",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T14:51:11.323100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T14:51:13.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/evilthan9/cve/issues/2"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CourseSelectionSystem",
"vendor": "kidaze",
"versions": [
{
"status": "affected",
"version": "42cd892b40a18d50bd4ed1905fa89f939173a464"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "THEV (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This impacts an unknown function of the file /Profilers/PriProfile/COUNT3s4.php. Executing manipulation of the argument cbranch can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available."
},
{
"lang": "de",
"value": "In kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464 ist eine Schwachstelle entdeckt worden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /Profilers/PriProfile/COUNT3s4.php. Die Bearbeitung des Arguments cbranch verursacht sql injection. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden. F\u00fcr dieses Produkt wird ein Rolling-Release-Ansatz verwendet, wodurch eine st\u00e4ndige Bereitstellung erfolgt. Daher sind keine Versionsdetails zu betroffenen oder aktualisierten Versionen vorhanden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-28T00:02:05.116Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-326171 | kidaze CourseSelectionSystem COUNT3s4.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.326171"
},
{
"name": "VDB-326171 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.326171"
},
{
"name": "Submit #661282 | github.com CourseSelectionSystem V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.661282"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/evilthan9/cve/issues/2"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-27T07:26:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "kidaze CourseSelectionSystem COUNT3s4.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11089",
"datePublished": "2025-09-28T00:02:05.116Z",
"dateReserved": "2025-09-27T05:21:05.899Z",
"dateUpdated": "2025-09-29T14:51:13.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}