PT-2026-4967 · Code Projects · Mobile Shop Management System
Published
2026-01-27
·
Updated
2026-02-02
·
CVE-2025-69564
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
code-projects Mobile Shop Management System version 1.0
Description
The software contains a SQL Injection flaw in the '/ExAddNewUser.php' component. The following parameters are susceptible:
Name, Address, email, UserName, Password, confirm password, Role, Branch, and Activate. This allows for potential unauthorized access or manipulation of the database.Recommendations
Apply input validation and parameterized queries to the '/ExAddNewUser.php' component to prevent SQL Injection attacks. Sanitize the
Name, Address, email, UserName, Password, confirm password, Role, Branch, and Activate parameters before using them in database queries.Exploit
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mobile Shop Management System