CVE-2025-11358

CWE-74CWE-89SQL InjectionCWE-1321Prototype Pollution5 documents5 sources
Severity
5.3MEDIUM
EPSS
0.0%
top 91.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Code-projects Simple Banking SystemCodeastro Simple Banking System
Timeline
PublishedOct 7

Description

A weakness has been identified in code-projects Simple Banking System 1.0. Impacted is an unknown function of the file /removeuser.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-457p-q34w-3pc3: A weakness has been identified in code-projects Simple Banking System 12025-10-07
CVEList
code-projects Simple Banking System removeuser.php sql injection2025-10-07

💥Exploits & PoCs

1
Exploit-DB
jQuery 3.3.1 - Prototype Pollution & XSS Exploit2025-04-08

📋Vendor Advisories

1
Microsoft
jQuery before 3.4.0 as used in Drupal Backdrop CMS and other products mishandles jQuery.extend(true {} ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerab2019-04-09
CVE-2025-11358 (MEDIUM CVSS 5.3) | A weakness has been identified in c | cvebase.io