SQL Injection Vulnerability in Kidaze CourseSelectionSystem Affecting Multiple Versions
CVE-2025-11032

6.9MEDIUM

Key Information:

Vendor

Kidaze

Status
Courseselectionsystem
Vendor
CVE Published:
26 September 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-11032?

A security flaw has been identified in the Kidaze CourseSelectionSystem, specifically in the file /Profilers/PriProfile/COUNT3s6.php. This vulnerability allows for SQL injection through manipulating the argument CPU, which can be executed remotely. Given the nature of the product's rolling release system, specific version information for affected releases may not always be disclosed, leading to potential exposure if not promptly addressed. Details regarding the exploit have been made available, emphasizing the importance of immediate remediation for affected systems.

Affected Version(s)

CourseSelectionSystem 42cd892b40a18d50bd4ed1905fa89f939173a464

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-11032 - Proof of Concept

References

https://vuldb.com/?id.325979
vdb-entrytechnical-description
https://vuldb.com/?ctiid.325979
signaturepermissions-required
https://vuldb.com/?submit.657950
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

LiMing0618 (VulDB User)
JSON
.
CVE-2025-11032 : SQL Injection Vulnerability in Kidaze CourseSelectionSystem Affecting Multiple Versions