PT-2025-39122 · Unknown · Code-Projects Online Bidding System

Fengyilin

Publicado

2025-09-23

Atualizado

2025-09-23

CVE-2025-10842

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions code-projects Online Bidding System version 1.0

Description A flaw exists in code-projects Online Bidding System that allows for SQL injection. The issue is located in the file /administrator/wew.php and involves manipulation of the ID argument within an unknown function. This can be exploited remotely. The exploit is publicly available.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-89

Identificadores relacionados

CVE-2025-10842

Produtos afetados

Code-Projects Online Bidding System

PT-2025-39122 · Unknown · Code-Projects Online Bidding System

CVE-2025-10842

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11