PT-2025-27432 · Code Projects · Code-Projects Inventory Management System

P1Nkshox · Published 2025-06-30 · Updated 2025-07-05 · CVE-2025-6901

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: code-projects Inventory Management System version 1.0
Description: A critical issue affects the processing of the file /php action/removeUser.php. The manipulation of the userid argument leads to SQL injection. The attack can be initiated remotely. An exploit has been publicly disclosed and may be used.
Recommendations: For code-projects Inventory Management System version 1.0, consider disabling the removeUser functionality in the /php action/removeUser.php file until a patch is available to prevent SQL injection attacks. Restrict access to the /php action/removeUser.php endpoint to minimize the risk of exploitation. Avoid using the userid argument in the affected endpoint until the issue is resolved.

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related identifiers

CVE-2025-6901

Affected products

Code-Projects Inventory Management System