{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-11030","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-09-26T08:30:22.259Z","datePublished":"2025-09-26T17:02:06.052Z","dateUpdated":"2025-09-26T17:51:06.849Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-09-26T17:02:06.052Z"},"title":"Tutorials-Website Employee Management System HTTP Request all-applied-leave.php improper authorization","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-285","lang":"en","description":"Improper Authorization"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-266","lang":"en","description":"Incorrect Privilege Assignment"}]}],"affected":[{"vendor":"Tutorials-Website","product":"Employee Management System","versions":[{"version":"611887d8f8375271ce8abc704507d46340837a60","status":"affected"}],"modules":["HTTP Request Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability was detected in Tutorials-Website Employee Management System up to 611887d8f8375271ce8abc704507d46340837a60. Impacted is an unknown function of the file /admin/all-applied-leave.php of the component HTTP Request Handler. The manipulation results in improper authorization. The attack may be performed from remote. The exploit is now public and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed."},{"lang":"de","value":"Es wurde eine Schwachstelle in Tutorials-Website Employee Management System up to 611887d8f8375271ce8abc704507d46340837a60 entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/all-applied-leave.php der Komponente HTTP Request Handler. Durch das Manipulieren mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Es ist möglich, den Angriff aus der Ferne durchzuführen. Die Ausnutzung wurde veröffentlicht und kann verwendet werden. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verfügbar."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":7.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-09-26T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-09-26T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-09-26T10:35:29.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"ary52 (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.325969","name":"VDB-325969 | Tutorials-Website Employee Management System HTTP Request all-applied-leave.php improper authorization","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.325969","name":"VDB-325969 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.657210","name":"Submit #657210 | https://github.com/tutorials-website Employee Management System(EMS Version-1.0) 1.0 broken access control","tags":["third-party-advisory"]},{"url":"https://drive.google.com/file/d/1N5ApKiYw-yKNhVERr4m3ruooiANgpFRo/view?usp=sharing","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-26T17:34:54.295059Z","id":"CVE-2025-11030","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-26T17:51:06.849Z"}}]}}