CVE-2025-8936

Name of the Vulnerable Software and Affected Versions: 1000 Projects Sales Management System version 1.0

Description: A SQL injection issue exists in 1000 Projects Sales Management System 1.0. The vulnerability affects an unknown functionality within the /superstore/dist/dordupdate.php file. Manipulation of the select2 argument can lead to SQL injection, and the attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

Recommendations: Versions prior to 1.0 should be updated. As a temporary workaround, consider restricting access to the /superstore/dist/dordupdate.php file until a patch is available.