CVE-2025-0563

Name of the Vulnerable Software and Affected Versions code-projects Fantasy-Cricket version 1.0

Description A critical issue has been found, allowing for SQL injection through the manipulation of the uname argument in an unknown function of the file /dash/update.php. This can be exploited remotely. The issue has been publicly disclosed and may be used for attacks.

Recommendations For code-projects Fantasy-Cricket version 1.0, as a temporary workaround, consider restricting access to the /dash/update.php file until a patch is available. Avoid using the uname argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.