CVE-2025-1381

Name of the Vulnerable Software and Affected Versions: code-projects Real Estate Property Management System version 1.0

Description: A critical issue was found in the code-projects Real Estate Property Management System. This issue affects an unknown part of the file /ajax city.php. The manipulation of the CityName argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations: For code-projects Real Estate Property Management System version 1.0, as a temporary workaround, consider restricting access to the /ajax city.php file or disabling the manipulation of the CityName argument until a patch is available. Avoid using the CityName argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.