CVE-2025-13280

CVSS v3.1

9.8

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CodeAstro Simple Inventory System version 1.0

Description A flaw exists in CodeAstro Simple Inventory System 1.0 that allows for potential SQL injection. This issue is located within the Login component, specifically in the

/index.php

file. Manipulation of the

Username

parameter can trigger the injection. The attack can be initiated remotely, and details about the exploit have been publicly released.

Recommendations As a temporary workaround, consider restricting access to the vulnerable file

/index.php

until a fix is available. Avoid using the parameter

Username

in the Login component until the issue is resolved.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-13280

Affected Products

Codeastro Simple Inventory System

CVE-2025-13280

Weakness Enumeration

Related Identifiers

Affected Products

References · 10