CVE-2025-22785
published 2025-01-15

CVE-2025-22785: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System course-booking-system…

Priority: P2 68 · Severity: critical · CVSS 3.1 base score: 9.3
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
EXPLOIT
EPSS: 2.85% (84.9th percentile)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System course-booking-system allows SQL Injection. This issue affects Course Booking System: from n/a through <= 6.0.6.

Affected (1 range)

Vendor: commotion
Product: course_booking_system
Version range: <= 6.0.6
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

sigma
condition: and
- 'Course Booking System = 8\''
- 'len(body) == 0'
- 'status_code == 200'
- 'contains(content_type, "text/html")'
  • Detect SQL injection attempts against the Course Booking System plugin by looking for responses with status 200, empty body, and text/html content-type — consistent with blind SQL injection probing (e.g., payload '8'' triggering silent error suppression).
  • The vulnerability affects Course Booking System plugin versions up to and including 6.0.6; monitor WordPress installations running this plugin version range for anomalous SQL-like input in request parameters.
  • The detection rule targets a blind SQL injection pattern (empty body, HTTP 200, text/html) which may produce false positives on other legitimate empty-response pages; tune with plugin-specific URL path context.