PT-2025-6142 · Unknown · Sourcecodester Contact Manager With Export To Vcf
Xcode0X
·
Published
2025-02-11
·
Updated
2025-03-03
·
CVE-2025-1168
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
SourceCodester Contact Manager with Export to VCF version 1.0
Description:
A critical issue has been found in the SourceCodester Contact Manager with Export to VCF. The problem affects the /endpoint/delete-contact.php file, where the manipulation of the
contact argument leads to SQL injection. This issue can be exploited remotely.Recommendations:
For SourceCodester Contact Manager with Export to VCF version 1.0, consider disabling the /endpoint/delete-contact.php endpoint until a patch is available to prevent SQL injection attacks. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the
contact argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sourcecodester Contact Manager With Export To Vcf