CVE-2025-8935

Name of the Vulnerable Software and Affected Versions: 1000 Projects Sales Management System version 1.0

Description: A vulnerability exists in an unknown functionality of the file /superstore/custcmp.php. Manipulation of the Username argument leads to a SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed.

Recommendations: For 1000 Projects Sales Management System version 1.0, sanitize or validate the Username parameter to prevent SQL injection. As a temporary workaround, consider restricting access to the /superstore/custcmp.php file until a fix is available.