CVE-2025-11552 MEDIUM

CVE-2025-11552: code-projects Online Complaint Site category.php sql injection

Vendor Code-Projects

Product Online Complaint Site

Weakness CWE-89 · SQLi

Published October 9, 2025

Last update October 9, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in code-projects Online Complaint Site 1.0. This impacts an unknown function of the file /admin/category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

Key dates

02Disclosure timeline

October 9, 2025 CVE published

October 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-11552 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2026-8785 projectworlds hospital-management-system-in-php GET Parameter update_info.php getAllPatientDetail sql injection CVE-2024-10738 itsourcecode Farm Management System manage-breed.php sql injection CVE-2025-26941 WordPress Church Admin plugin <= 5.0.18 - SQL Injection vulnerability CVE-2024-5378 SourceCodester School Intramurals Student Attendance Management System manage_sy.php sql injection CVE-2025-47544 WordPress Dynamic Pricing With Discount Rules for WooCommerce plugin <= 4.5.8 - SQL Injection Vulnerability