PT-2025-47145 · Codeastro · Codeastro Simple Inventory System

Fanhao · Published 2025-11-17 · Updated 2025-11-22 · CVE-2025-13280

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

CodeAstro Simple Inventory System version 1.0

Description

A flaw exists in CodeAstro Simple Inventory System 1.0 that allows for potential SQL injection. This issue is located within the Login component, specifically in the /index.php file. Manipulation of the Username parameter can trigger the injection. The attack can be initiated remotely, and details about the exploit have been publicly released.

Recommendations

As a temporary workaround, consider restricting access to the vulnerable file /index.php until a fix is available. Avoid using the parameter Username in the Login component until the issue is resolved.

Exploit

Fix

Special Elements Injection

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2025-13280

Affected Products

Codeastro Simple Inventory System