PT-2025-51133 · Itsourcecode · Online Petshop Management System

Fgekspogap

Publicado

2025-12-13

Atualizado

2025-12-14

CVE-2025-14637

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions itsourcecode Online Pet Shop Management System version 1.0

Description A flaw exists in itsourcecode Online Pet Shop Management System version 1.0. The issue resides in unknown code within the /pet1/addcnp.php file. Manipulation of the cnpname argument can lead to SQL injection. This attack can be initiated remotely, and an exploit has been publicly released.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /pet1/addcnp.php file. Avoid using the cnpname parameter in the affected API endpoint until the issue is resolved.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2025-14637

Produtos afetados

Online Petshop Management System

PT-2025-51133 · Itsourcecode · Online Petshop Management System

CVE-2025-14637

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13