CVE-2025-15211

Name of the Vulnerable Software and Affected Versions Refugee Food Management System version 1.0

Description A flaw exists in Refugee Food Management System 1.0 that allows for SQL injection. Manipulation of the arguments refNo, Fname, Lname, sex, age, contact, and nationality nid can lead to a successful attack. This can be executed remotely. The exploit has been published. The vulnerable file is located at '/home/refugee.php' and involves an unknown function.

Recommendations Apply any available updates or patches to address the SQL injection issue. As a temporary workaround, sanitize or validate the input for the refNo, Fname, Lname, sex, age, contact, and nationality nid arguments before using them in SQL queries. Restrict access to the '/home/refugee.php' file to minimize the risk of exploitation.