PT-2025-27489 · Unknown · Simple Pizza Ordering System

Catcheryp

Publicado

2025-07-01

Atualizado

2025-07-15

CVE-2025-6936

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: code-projects Simple Pizza Ordering System version 1.0

Description: A critical issue has been found in the Simple Pizza Ordering System, affecting an unknown part of the /addpro.php file. The manipulation of the ID argument leads to SQL injection. This issue can be exploited remotely.

Recommendations: For version 1.0, consider disabling the /addpro.php file or restricting access to it until a patch is available. Avoid using the ID argument in the affected file to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2025-6936

Produtos afetados

Simple Pizza Ordering System

PT-2025-27489 · Unknown · Simple Pizza Ordering System

CVE-2025-6936

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13