SQL Injection Vulnerability in Code-Projects Online Complaint Site 1.0
CVE-2025-11515

5.3MEDIUM

Key Information:

Vendor: Code-projects
Status: Online Complaint Site
Vendor: CVE Published:; 9 October 2025

🔔 Create Code-projects Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-11515?

A security flaw has been identified in the Online Complaint Site, specifically in the processing of user complaints through the register-complaint.php script. This vulnerability allows for SQL injection via manipulation of the cid parameter. Remote attackers can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access or modification. The exploit details have been publicly released, increasing the urgency for affected users to secure their installations.

Affected Version(s)

Online Complaint Site 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-11515 - Proof of Concept