{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-11479","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-10-08T05:04:53.489Z","datePublished":"2025-10-08T14:32:06.086Z","dateUpdated":"2025-10-08T15:55:25.093Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-10-08T14:32:06.086Z"},"title":"SourceCodester Wedding Reservation Management System function.php insertReservation sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"SQL Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]}],"affected":[{"vendor":"SourceCodester","product":"Wedding Reservation Management System","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in SourceCodester Wedding Reservation Management System 1.0. Impacted is the function insertReservation of the file function.php. Such manipulation of the argument number leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used."},{"lang":"de","value":"Es wurde eine Schwachstelle in SourceCodester Wedding Reservation Management System 1.0 entdeckt. Betroffen ist die Funktion insertReservation der Datei function.php. Die Manipulation des Arguments number führt zu sql injection. Ein Angriff ist aus der Distanz möglich. Die Schwachstelle wurde öffentlich offengelegt und könnte ausgenutzt werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":7.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-10-08T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-10-08T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-10-08T07:09:57.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Drnbnonono (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.327597","name":"VDB-327597 | SourceCodester Wedding Reservation Management System function.php insertReservation sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.327597","name":"VDB-327597 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.667388","name":"Submit #667388 | SourceCodester Wedding Reservation Management System V1.0 SQL Injection","tags":["third-party-advisory"]},{"url":"https://github.com/DrNbnonono/CVE/issues/7","tags":["exploit","issue-tracking"]},{"url":"https://www.sourcecodester.com/","tags":["product"]}],"tags":["x_freeware"]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-08T15:55:16.203692Z","id":"CVE-2025-11479","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-08T15:55:25.093Z"}}]}}