Unknown · Code-Projects Online Bidding System · CVE-2025-10795
**Name of the Vulnerable Software and Affected Versions**
code-projects Online Bidding System version 1.0
**Description**
A flaw exists in code-projects Online Bidding System 1.0 within the file `/administrator/bidupdate.php`. Manipulation of the `ID` argument can lead to SQL injection. This issue is remotely exploitable and the exploit is publicly available. The API endpoint involved is `/administrator/bidupdate.php`. The vulnerable parameter is `ID`.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.