PT-2025-4069 · Unknown · Needyamin Library Card System
Maloy Roy Orko +1 · Published 2025-01-29 · Updated 2025-01-30 · CVE-2025-0843
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
needyamin Library Card System version 1.0
Description
A critical issue has been identified in the Admin Panel component, specifically in the admindashboard.php file, where an unknown function is affected. Manipulation of the email and password arguments leads to SQL injection. The issue can be exploited remotely. The exploit has been publicly disclosed and may be used.
Recommendations
needyamin Library Card System version 1.0: Update the admindashboard.php file to prevent SQL injection by properly sanitizing the email and password arguments. As a temporary workaround, consider restricting access to the Admin Panel component until the issue is resolved.
Exploit
Fix
Special Elements Injection
SQL injection
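An added example, not taken from the project or from this advisory: one way to handle the email and password arguments so that neither value is ever interpreted as SQL. The function name verifyAdmin, the admins table and its columns are assumptions, and an in-memory SQLite database stands in for the application's real database.

```php
<?php
declare(strict_types=1);

// Hypothetical admin login check; not the project's code.
// Assumed schema: admins(email TEXT UNIQUE, password_hash TEXT).
function verifyAdmin(PDO $db, string $email, string $password): bool
{
    // Defence in depth only: an apostrophe is legal in an e-mail local
    // part, so format validation cannot be what stops the injection.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    // The fix: constant query text with a bound value, so user input is
    // never parsed as SQL.
    $stmt = $db->prepare('SELECT password_hash FROM admins WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();

    // The password never enters the statement; it is checked against the
    // stored hash in PHP.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed demo data in an in-memory SQLite database (stand-in for the
// application's real database).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (email TEXT UNIQUE, password_hash TEXT)');
$insert = $db->prepare('INSERT INTO admins (email, password_hash) VALUES (?, ?)');
$insert->execute(['admin@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: a valid login, then values containing quote characters.
$cases = [
    ['admin@example.test', 'correct horse'],
    ['admin@example.test', "it's not the password"],
    ["o'neil@example.test", 'correct horse'],
];
foreach ($cases as [$email, $password]) {
    $result = verifyAdmin($db, $email, $password) ? 'accepted' : 'rejected';
    printf("%-22s %-24s %s\n", $email, $password, $result);
}
```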
Affected Products
Needyamin Library Card System