PT-2025-52847 · Unknown · Puneethreddyhc Event Management

Amaan Siddiqui +1 · Published 2025-12-23 · Updated 2026-01-06 · CVE-2025-65354

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: PuneethReddyHC event-management version 1.0

Description: Improper input handling in the /Grocery/search products itname.php file allows for SQL injection via the sitem name POST parameter. Crafted payloads can alter query logic and disclose database contents, potentially leading to sensitive data disclosure and backend compromise. The sitem name parameter is vulnerable to exploitation.

Recommendations: For PuneethReddyHC event-management version 1.0, sanitize or validate the sitem name POST parameter to prevent SQL injection attacks. As a temporary workaround, restrict access to the /Grocery/search products itname.php file until a proper fix is implemented.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2025-65354

Affected Products: Puneethreddyhc Event Management