CVE Alert: CVE-2025-11033 – kidaze – CourseSelectionSystem

CVE-2025-11033

HIGH | No exploitation known | PoC observed

A vulnerability has been found in kidaze CourseSelectionSystem up to commit 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected code is an unknown function in the file /Profilers/PriProfile/COUNT3s7.php. Manipulation of the argument cbe leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release to provide continuous delivery, so no version details are available for affected or updated releases.

CVSS v3.1 score: 7.3
Vendor: kidaze
Product: CourseSelectionSystem
Versions: 42cd892b40a18d50bd4ed1905fa89f939173a464
CWE: CWE-89, SQL Injection
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Published: 2025-09-26T18:02:05.749Z
Updated: 2025-09-26T18:32:47.794Z

AI Summary Analysis

Risk verdict

High risk: remote, unauthenticated SQL injection with publicly disclosed exploit guidance; urgent attention recommended.

Why this matters

An attacker can remotely trigger data leakage, modification or partial disruption of the affected database without user interaction. With a publicly available proof-of-concept, the window for automated or mass exploitation is open, especially for exposed educational-management deployments.

Most likely attack path

The flaw requires no authentication and is reachable over the network, so injection is possible via crafted input. An attacker need only reach the vulnerable PHP entry point and supply manipulated data in the cbe parameter, giving database compromise with limited privilege impact and potential data-integrity problems; the attack remains within the same application scope and does not elevate beyond the DB layer.

Who is most exposed

Institutions running web-facing course selection systems, particularly those on rolling-release or less-patched stacks, are at greatest risk. Deployments reachable directly from the public internet, or with weak input handling, are common patterns that align with this exposure.

Detection ideas

  • Logs show requests to the vulnerable endpoint with suspicious cbe values or SQL-pattern payloads.
  • Database errors or latency spikes linked to specific inputs that resemble SQL syntax.
  • Web/app firewall alerts for SQL injection indicators targeting the endpoint.
  • Repeated, automated probes matching PoC characteristics.
  • Unusual data access patterns, or unexpected data returned from the DB in response to particular inputs.
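The first and fourth detection ideas above, as an added example that is not part of the original alert: a small Python rule that scans combined-format web server access logs for requests to the advisory's endpoint whose cbe value is not a plain identifier or carries SQL syntax, and groups repeated hits by source IP. The assumption that a legitimate cbe is a numeric id is ours (the advisory gives no value format), and the log lines are constructed samples.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory.
VULN_PATH = "/Profilers/PriProfile/COUNT3s7.php"
PARAM = "cbe"

# Combined log format: ip ident user [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Coarse SQL-syntax indicators: quotes, comment sequences, boolean/UNION
# keywords and time-based probes. Tune to the application's real value format.
SQLI_RE = re.compile(r"['\"]|--|/\*|\b(?:or|and|union|select|sleep|benchmark)\b", re.I)
LEGIT_RE = re.compile(r"^\d{1,10}$")  # assumption: cbe is an integer id

# Constructed sample log lines (not from any real deployment).
SAMPLE_LOG = """\
203.0.113.7 - - [26/Sep/2025:18:05:01 +0000] "GET /Profilers/PriProfile/COUNT3s7.php?cbe=1024 HTTP/1.1" 200 512
203.0.113.9 - - [26/Sep/2025:18:05:03 +0000] "GET /Profilers/PriProfile/COUNT3s7.php?cbe=1024%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9813
203.0.113.9 - - [26/Sep/2025:18:05:04 +0000] "GET /Profilers/PriProfile/COUNT3s7.php?cbe=1024%27%20UNION%20SELECT%201 HTTP/1.1" 500 233
203.0.113.9 - - [26/Sep/2025:18:05:05 +0000] "GET /Profilers/PriProfile/COUNT3s7.php?cbe=1024%27%20AND%20SLEEP%285%29-- HTTP/1.1" 200 512
203.0.113.7 - - [26/Sep/2025:18:05:06 +0000] "GET /index.php?cbe=%27 HTTP/1.1" 200 100
"""

def parse(line):
    """Split one combined-format line into ip, timestamp, path, decoded query and status."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return {"ip": m.group("ip"), "ts": m.group("ts"), "path": parts.path,
            "query": parse_qs(parts.query), "status": int(m.group("status"))}

def suspicious_cbe(value):
    """Return a reason string when the (already URL-decoded) cbe value looks hostile, else None."""
    if SQLI_RE.search(value):
        return "sql-syntax"
    if not LEGIT_RE.match(value):
        return "non-numeric"
    return None

def analyse(lines, probe_threshold=3):
    """Return (findings, probing_ips): flagged requests to the endpoint, and IPs at/over the threshold."""
    findings = []
    for line in lines:
        req = parse(line)
        if not req or req["path"] != VULN_PATH:
            continue  # other endpoints are outside this rule's scope
        for value in req["query"].get(PARAM, []):
            reason = suspicious_cbe(value)
            if reason:
                findings.append({"ip": req["ip"], "ts": req["ts"], "cbe": value,
                                 "status": req["status"], "reason": reason})
    per_ip = Counter(f["ip"] for f in findings)
    probes = sorted(ip for ip, n in per_ip.items() if n >= probe_threshold)
    return findings, probes
```

Running `analyse(SAMPLE_LOG.splitlines())` flags the three requests from 203.0.113.9 and reports that address as a repeated prober, while the benign request and the hit on a different path are ignored.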

Mitigation and prioritisation

  • Implement input validation and parameterised queries; remove dynamic query construction.
  • Apply a web application firewall rule to block SQLi patterns targeting the endpoint; restrict public exposure where feasible.
  • Patch or hotfix the application code; apply least-privilege DB credentials and monitor DB activity for anomalous reads/writes.
  • Introduce compensating controls: IP allow-list, authentication, and rigorous change-management for rolling-release components.
  • Enable enhanced logging and alerting on the vulnerable path; conduct a targeted security review of the affected module.
