CVE-2025-13576

Blog Site 1.0 is affected by CVE-2025-13576 due to improper authorization in the admin.php file. The vulnerability arises from an unclear/unknown function in /admin.php that can be manipulated to bypass authorization, enabling remote exploitation. Multiple endpoints are affected, and exploitation...

CVE-2025-13576 code-projects Blog Site admin.php improper authorization

A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints...

CVE-2025-13575 code-projects Blog Site Category blog.php category_exists sql injection

A security vulnerability has been detected in code-projects Blog Site 1.0. Impacted is the function categoryexists of the file /resources/functions/blog.php of the component Category Handler. Such manipulation of the argument name/field leads to sql injection. The attack may be performed from...

PT-2025-47870

A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints...

CVE-2025-9929

The CVE-2025-9929 entry concerns Code-Projects Responsive Blog Site 1.0. A vulnerability in blogs_view.php arises from improper manipulation of the parameters product_code, gen_name, product_name, and supplier, enabling cross-site scripting. The issue appears exploitable remotely and an exploit h...