PT-2025-28358 · Unknown · Code-Projects Crime Reporting System

Woziziiziz

Publicado

2025-07-08

Atualizado

2025-07-08

CVE-2025-7168

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: code-projects Crime Reporting System version 1.0

Description: A critical issue affects the processing of the file /userlogin.php. The manipulation of the email argument leads to SQL injection. The attack can be initiated remotely.

Recommendations: For code-projects Crime Reporting System version 1.0, consider disabling the /userlogin.php file or restricting access to it until a patch is available. Avoid using the email argument in the affected file to minimize the risk of exploitation.

Exploit

Correção

Special Elements Injection

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-89

Identificadores relacionados

CVE-2025-7168

Produtos afetados

Code-Projects Crime Reporting System

PT-2025-28358 · Unknown · Code-Projects Crime Reporting System

CVE-2025-7168

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8