PT-2025-41214 · Code Projects · Web-Based Inventory/Pos System

Riovulntest

Published: 2025-10-08

Updated: 2025-10-13

CVE-2025-11424

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

code-projects Web-Based Inventory and POS System version 1.0

Description

A flaw exists in code-projects Web-Based Inventory and POS System 1.0. The issue is related to the manipulation of the emailid argument in the /login.php file, which can lead to SQL injection. This can be exploited remotely. The details of the exploit have been publicly disclosed.

Recommendations

Apply any available updates or patches for code-projects Web-Based Inventory and POS System version 1.0. As a temporary workaround, restrict access to the /login.php file. Sanitize the emailid input to prevent SQL injection attacks.

Exploit

Fix

SQL injection

Special Elements Injection

Weakness Enumeration

Related identifiers

CVE-2025-11424

Affected products

Web-Based Inventory/Pos System