CVE-2025-11040 MEDIUM

CVE-2025-11040: code-projects Hostel Management System index.php sql injection

Vendor Code-Projects
Product Hostel Management System
Weakness CWE-89 · SQLi
Published September 26, 2025
Last update September 29, 2025
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was detected in code-projects Hostel Management System 1.0. Affected by this issue is some unknown functionality of the file /justines/admin/mod_users/index.php?view=view. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

Key dates

02Disclosure timeline

September 26, 2025 CVE published
September 29, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-13476 LTL Freight Quotes – GlobalTranz Edition <= 2.3.11 - Unauthenticated SQL Injection CVE-2023-3680 SourceCodester Lost and Found Information System HTTP POST Request sql injection CVE-2025-13267 SourceCodester Dental Clinic Appointment Reservation System success.php sql injection CVE-2025-7539 code-projects Online Appointment Booking System getdoctordaybooking.php sql injection CVE-2016-20063 Single Personal Message 1.0.3 WordPress Plugin SQL Injection