NOMISEC-RandomRobbieBF/CVE-2025-22785

NOMISEC WORKING POC
Exploit for CVE-2025-22785 - ComMotion Course Booking System <6.0.5 - SQL Injection
AI Analysis

This repository provides a proof-of-concept for an unauthenticated SQL injection vulnerability in the Course Booking System WordPress plugin (versions up to 6.0.5). The PoC uses sqlmap to demonstrate time-based blind SQL injection via the 'course_id' parameter.

Attack Type: SQLi
Complexity: trivial
Reliability: reliable
MITRE ATT&CK:
T1189 - Drive-by Compromise
T1505 - Server Software Component
Source
Platform: Nomisec
Type: poc
Files: 1
Stars: 0
Forks: 0
Last Push: Jan 23, 2025
Authors: RandomRobbieBF
Vulnerability
CVE-2025-22785
ComMotion Course Booking System <6.0.5 - SQL Injection
Severity: CRITICAL
CVSS: 9.3