{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-11600", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-10-10T12:48:28.306Z", "datePublished": "2025-10-11T12:32:05.817Z", "dateUpdated": "2025-10-14T14:06:44.036Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-10-11T12:32:05.817Z"}, "title": "code-projects Simple Food Ordering System editcategory.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "code-projects", "product": "Simple Food Ordering System", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected is an unknown function of the file editcategory.php. Such manipulation of the argument cname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in code-projects Simple Food Ordering System 1.0 entdeckt. Betroffen ist eine unbekannte Funktion der Datei editcategory.php. Die Bearbeitung des Arguments cname verursacht sql injection. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-10-10T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-10-10T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-10-10T14:53:58.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "seeu1 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.327921", "name": "VDB-327921 | code-projects Simple Food Ordering System editcategory.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.327921", "name": "VDB-327921 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.671913", "name": "Submit #671913 | code-projects Simple Food Ordering System 1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/zzonce/cve/issues/1", "tags": ["exploit", "issue-tracking"]}, {"url": "https://code-projects.org/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"references": [{"url": "https://github.com/zzonce/cve/issues/1", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-14T13:23:43.134019Z", "id": "CVE-2025-11600", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T14:06:44.036Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11600", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-14T13:23:43.134019Z"}}}], "references": [{"url": "https://github.com/zzonce/cve/issues/1", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T13:23:45.499Z"}}], "cna": {"tags": ["x_freeware"], "title": "code-projects Simple Food Ordering System editcategory.php sql injection", "credits": [{"lang": "en", "type": "reporter", "value": "seeu1 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "code-projects", "product": "Simple Food Ordering System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2025-10-10T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-10-10T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-10-10T14:53:58.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.327921", "name": "VDB-327921 | code-projects Simple Food Ordering System editcategory.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.327921", "name": "VDB-327921 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.671913", "name": "Submit #671913 | code-projects Simple Food Ordering System 1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/zzonce/cve/issues/1", "tags": ["exploit", "issue-tracking"]}, {"url": "https://code-projects.org/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected is an unknown function of the file editcategory.php. Such manipulation of the argument cname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in code-projects Simple Food Ordering System 1.0 entdeckt. Betroffen ist eine unbekannte Funktion der Datei editcategory.php. Die Bearbeitung des Arguments cname verursacht sql injection. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "SQL Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-10-11T12:32:05.817Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11600", "state": "PUBLISHED", "dateUpdated": "2025-10-14T14:06:44.036Z", "dateReserved": "2025-10-10T12:48:28.306Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-10-11T12:32:05.817Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fabian:simple_food_ordering_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A79BB63C-FF08-4190-BC96-A24DC587AD07", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected is an unknown function of the file editcategory.php. Such manipulation of the argument cname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used."}], "id": "CVE-2025-11600", "lastModified": "2025-10-23T20:06:00.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-10-11T13:15:30.923", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://code-projects.org/"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking"], "url": "https://github.com/zzonce/cve/issues/1"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.327921"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.327921"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.671913"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking"], "url": "https://github.com/zzonce/cve/issues/1"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}