PT-2025-51110 · Itsourcecode · Online Petshop Management System

Mos_Xgzi

Publicado

2025-12-13

Atualizado

2025-12-18

CVE-2025-14587

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions itsourcecode Online Pet Shop Management System version 1.0

Description A flaw exists in itsourcecode Online Pet Shop Management System version 1.0 that allows for SQL injection. The issue is located in the file /pet1/available.php, specifically through manipulation of the Name parameter. This allows for remote execution of attacks. The exploit is publicly available.

Recommendations Versions prior to 1.0 should be updated. As a temporary workaround, restrict access to the /pet1/available.php file to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2025-14587

Produtos afetados

Online Petshop Management System

PT-2025-51110 · Itsourcecode · Online Petshop Management System

CVE-2025-14587

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13