PT-2025-39729 · Unknown · Code-Projects Online Bidding System
Edenchen · Published 2025-09-27 · Updated 2025-10-02
CVE-2025-11066
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
code-projects Online Bidding System version 1.0
Description
A flaw exists in code-projects Online Bidding System version 1.0 that allows for SQL injection. Manipulation of the ID argument in the file '/administrator/bidlist.php' can trigger this issue. The attack can be launched remotely. The exploit has been published.
Recommendations
Apply any available updates to address the SQL injection issue in the '/administrator/bidlist.php' file.
As a temporary workaround, restrict access to the '/administrator/bidlist.php' file.
Sanitize the ID parameter before using it in SQL queries.
Exploit
Fix
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Code-Projects Online Bidding System
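One way to apply the recommendation to sanitize the ID parameter, shown as an added example that is not the project's own code: validate the value as an integer, then bind it in a prepared statement instead of concatenating it into the SQL string. The function names, the `bids` table and its columns, the assumption that ID is a positive integer key, and the use of PDO with an in-memory SQLite database (PHP 8 with pdo_sqlite) are all assumptions made so the example runs on its own.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept the ID request value only if it is a positive
// integer. Returns null for anything else, including arrays (?ID[]=...).
function parse_bid_id(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical lookup: the value reaches the database only as a bound,
// typed parameter, never as part of the SQL text.
function fetch_bid(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, item, amount FROM bids WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo database; the schema is an assumption, not the application's.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bids (id INTEGER PRIMARY KEY, item TEXT, amount REAL)');
$db->exec("INSERT INTO bids (id, item, amount) VALUES (1, 'Sample lot', 25.0)");

// Constructed sample inputs standing in for $_GET['ID'].
foreach (['1', '2', '12abc', "7'", '', ['1']] as $raw) {
    $id = parse_bid_id($raw);
    if ($id === null) {
        // In the real page this would be an HTTP 400 with no query executed.
        echo 'rejected: ', json_encode($raw), "\n";
        continue;
    }
    $row = fetch_bid($db, $id);
    echo $row === null ? "not found: $id\n" : "found: {$row['item']}\n";
}
```

Validation alone is not the fix; the bound parameter is what keeps the value out of the SQL text, and the integer check rejects malformed requests before any query runs.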