CVE-2025-11600

📊 5.3 MEDIUM⚡ 0.0%🎯 0 exploits

📅 Published Oct 11, 2025

📋 Status: Analyzed

A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected is an unknown function of the file editcategory.php. Such manipulation of the argument cname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	fabian	simple food ordering system	1.0	Vulnerable	cpe:2.3:a:fabian:simple_food_ordering_system:1.0:::::::*

📱

fabian / simple food ordering system

Application

Vulnerable

Version: 1.0

CPE:

cpe:2.3:a:fabian:simple_food_ordering_system:1.0:*:*:*:*:*:*:*

Metrics

5.3 MEDIUMCVSS v4.0[email protected]

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

5.3 (MEDIUM)v4.0

Source: [email protected]

EPSS Details

0.0% (Minimal)6.7th percentile

Last updated: Oct 31, 2025

Exploitation probability within 30 days

Published Date

Oct 11, 2025 (22 days ago)

Last Modified

Oct 23, 2025 (9 days ago)

Security Weaknesses3

CWE-74CWE-89

References5

NVDgeneralgeneral+2