CVE-2025-14248

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions code-projects Simple Shopping Cart version 1.0

Description A flaw exists in code-projects Simple Shopping Cart version 1.0 that allows for remote SQL injection. The issue is located in the file '/adminlogin.php', specifically through manipulation of the admin username argument within an unknown function. The exploit for this issue is publicly available.

Recommendations Apply any available updates or patches for code-projects Simple Shopping Cart version 1.0. As a temporary workaround, restrict access to the '/adminlogin.php' file. Sanitize the admin username input to prevent SQL injection attacks.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-14248

Affected Products

Simple Php Shopping Cart

CVE-2025-14248

Weakness Enumeration

Related Identifiers

Affected Products

References · 12