PT-2025-26275 · Unknown · Code-Projects Online Shoe Store
Lvfa · Published 2025-06-20 · Updated 2025-06-25 · CVE-2025-6307
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
code-projects Online Shoe Store version 1.0
Description
A critical issue affects the processing of the file /function/edit customer.php, where the manipulation of the firstname argument leads to SQL injection. The attack can be initiated remotely. Other parameters might also be affected.
Recommendations
For code-projects Online Shoe Store version 1.0, consider disabling the edit customer functionality in the /function/edit customer.php file until a patch is available. Restrict access to the firstname parameter in the affected file to minimize the risk of exploitation.
Exploit
Fix
Special Elements Injection
SQL injection
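
One way to close this class of bug in an edit-customer handler, shown as an added PHP example that is not code from Online Shoe Store or from this advisory. The `customer` table, its columns, the `id` parameter and both function names are assumptions, and an in-memory SQLite database stands in for the shop's database.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the shop database (assumed schema, in-memory SQLite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customer (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT)');
$pdo->exec("INSERT INTO customer (id, firstname, lastname) VALUES (1, 'Ana', 'Lopez'), (2, 'Ben', 'Ito')");

// Pattern behind this bug class: request data concatenated into the statement.
// Hypothetical, shown for contrast only; the string is built but never executed.
function buildUnsafeUpdate(string $firstname, string $id): string
{
    return "UPDATE customer SET firstname = '$firstname' WHERE id = $id";
}

// Hardened form: validate the input, then bind it as a parameter so the
// database driver treats it as data and never parses it as SQL.
function updateFirstname(PDO $pdo, string $firstname, string $id): int
{
    $firstname = trim($firstname);
    if ($firstname === '' || strlen($firstname) > 64) {
        throw new InvalidArgumentException('firstname must be 1-64 bytes');
    }
    if (preg_match('/^[1-9][0-9]*$/', $id) !== 1) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $pdo->prepare('UPDATE customer SET firstname = :firstname WHERE id = :id');
    $stmt->bindValue(':firstname', $firstname, PDO::PARAM_STR);
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows changed
}

// A legitimate name containing a quote (constructed sample input).
$name = "D'Arcy";
echo buildUnsafeUpdate($name, '1'), PHP_EOL;    // the quote ends the literal early
echo updateFirstname($pdo, $name, '1'), PHP_EOL; // bound value is stored verbatim
foreach ($pdo->query('SELECT id, firstname FROM customer ORDER BY id') as $row) {
    echo $row['id'], ' ', $row['firstname'], PHP_EOL;
}
```

Since the description notes that other parameters might also be affected, the same binding applies to every request value that reaches a query, not only `firstname`.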
Related Identifiers
Affected Products
Code-Projects Online Shoe Store