PT-2025-27432 · Code Projects · Code-Projects Inventory Management System
P1Nkshox · Published 2025-06-30 · Updated 2025-07-05 · CVE-2025-6901
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
code-projects Inventory Management System version 1.0
Description:
A critical issue affects the processing of the file /php action/removeUser.php. The manipulation of the userid argument leads to SQL injection. The attack can be initiated remotely. An exploit has been publicly disclosed and may be used.
Recommendations:
For code-projects Inventory Management System version 1.0, consider disabling the removeUser functionality in the /php action/removeUser.php file until a patch is available to prevent SQL injection attacks. Restrict access to the /php action/removeUser.php endpoint to minimize the risk of exploitation. Avoid using the userid argument in the affected endpoint until the issue is resolved.
Exploit
Fix
Special Elements Injection
SQL injection
Affected Products
Code-Projects Inventory Management System