CVE-2025-11515

MEDIUM

Online Complaint Site 1.0 - SQL Injection via Register Complaint CID Parameter

Title source: llm
STIX 2.1

Description

A security flaw has been discovered in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/users/register-complaint.php. Performing manipulation of the argument cid results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.327640
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.327640
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.669813
Exploit, Third Party Advisory exploit issue-tracking
https://github.com/Aurion365/cve/issues/2
Product product
https://code-projects.org/

Scores

CVSS v3 6.3
EPSS 0.0003
EPSS Percentile 8.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-74 CWE-89
Status published
Products (1)
fabian/online_complaint_site 1.0
Published Oct 09, 2025
Tracked Since Feb 18, 2026