20 matches found
CVE-2025-6503
CVE-2025-6503 affects code-projects Inventory Management System 1.0. The vulnerability is in processing /php_action/fetchSelectedCategories.php, where manipulating the categoriesId parameter leads to SQL injection. Exploitation can be remote, and public disclosure is noted. Multiple connected sou...
CVE-2025-6611
CVE-2025-6611 affects code-projects’ Inventory Management System 1.0. The vulnerability lies in the file /php_action/createBrand.php where the brandStatus parameter is susceptible to SQL injection. Exploitation can be performed remotely and public exploits exist. The issue is documented across mu...
CVE-2025-6819
Code-projects Inventory Management System 1.0 contains a SQL injection vulnerability in the /php_action/removeBrand.php endpoint triggered by the brandId parameter. The issue is exploitable remotely, and multiple connected sources describe it as a critical flaw with public exploit awareness. Affe...
CVE-2025-6501
Code-projects Inventory Management System 1.0 has a SQL injection in the /php_action/createCategories.php endpoint, triggered by the categoriesStatus parameter. The issue is remotely exploitable and the exploit has been publicly disclosed. Publicly accessible documents describe the vulnerability ...
CVE-2025-6502
CVE-2025-6502 affects code-projects’ Inventory Management System 1.0. The vulnerability arises from unsafely handling the user_id parameter in the file /php_action/changePassword.php, enabling SQL injection. The attack is described as remotely exploitable and the exploit has been publicly discl...
CVE-2025-6820
CVE-2025-6820 affects code-projects Inventory Management System 1.0, specifically the file /php_action/createProduct.php where the productName parameter can be manipulated to trigger SQL injection. The issue is exploitable remotely, and public exploitation has been disclosed. Concrete remediation...
CVE-2025-6823
CVE-2025-6823 affects code-projects Inventory Management System 1.0. The vulnerability arises from improper handling of the editProductName parameter in /php_action/editProduct.php, enabling SQL injection. Exploitation is described as remote and the exploit has been disclosed publicly. Connected ...
CVE-2025-6901
The CVE-2025-6901 entry refers to code-projects Inventory Management System 1.0 with a SQL injection in the userid parameter of the /php_action/removeUser.php endpoint. The vulnerability is remotely exploitable and has publicly disclosed exploits. Connected sources consistently identify the affecte...
CVE-2025-6500
CVE-2025-6500 affects code-projects Inventory Management System 1.0. The vulnerability is a SQL injection in the file /php_action/editCategories.php triggered by manipulating the editCategoriesName parameter due to lack of input validation. Impact per sources indicates potential data theft with r...
CVE-2025-6668
Code-projects Inventory Management System 1.0 contains a SQL injection in /php_action/fetchSelectedBrand.php via the brandId parameter. The issue is exploitable remotely and has public disclosure, with impact on confidentiality, integrity, and availability as described in multiple sources. No con...
CVE-2025-6821
Code-projects Inventory Management System 1.0 contains a SQL injection in /php_action/createOrder.php due to insufficient input filtering. The vulnerability allows remote exploitation and is publicly disclosed; multiple sources corroborate manipulation of the database and potential data exposure....
CVE-2025-6891
CVE-2025-6891 affects code-projects Inventory Management System 1.0. The vulnerability is a SQL injection driven by manipulating the Username argument in an unknown function within /php_action/createUser.php, and it can be exploited remotely. The exploitation is disclosed publicly in the provided...
CVE-2025-6822
CVE-2025-6822 affects code-projects Inventory Management System 1.0, specifically the /php_action/removeProduct.php endpoint. The vulnerability is a SQL injection caused by improper handling of the productId parameter, enabling remote exploitation. Several connected sources corroborate this issue...
CVE-2025-6902
CVE-2025-6902 affects code-projects Inventory Management System 1.0, specifically the /php_action/editUser.php endpoint where the edituserName parameter enables SQL injection. The vulnerability allows remote exploitation and was disclosed publicly. Multiple sources corroborate an SQL injection or...
CVE-2025-6474
The CVE-2025-6474 entry concerns code-projects Inventory Management System 1.0 and the vulnerable file /changeUsername.php. Multiple connected reports confirm that the vulnerability is a SQL injection caused by unsafely handling the user_id parameter, enabling remote exploitation and potentially ...
CVE-2025-6665
The CVE-2025-6665 entry describes a SQL injection in code-projects Inventory Management System 1.0, arising from unsafely handling the editBrandStatus parameter in the file /php_action/editBrand.php. The vulnerability is exploitable remotely and has been publicly disclosed, enabling attackers to ...
CVE-2025-6827
The CVE-2025-6827 entry pertains to code-projects Inventory Management System 1.0. The vulnerability is in /php_action/editOrder.php and is caused by insufficient input filtering, leading to a SQL injection. Impact is described as remote, with high/critical potential across confidentiality, integ...
CVE-2025-6828
CVE-2025-6828 affects code-projects Inventory Management System 1.0, with SQL injection in /orders.php via the i parameter. Root cause: unsafely handled input in orders.php allows a remote attacker to manipulate SQL statements. Multiple sources (NVD, RH) describe it as critical with remote, unauthe...
CVE-2025-6834
CVE-2025-6834 affects code-projects Inventory Management System 1.0. The vulnerability is an SQL injection in the file /php_action/editPayment.php caused by unsafely handling the orderId parameter. It can be exploited remotely with no user interaction required. Multiple connected sources confirm ...
CVE-2025-6612
Code-projects Inventory Management System 1.0 contains a SQL injection vulnerability in the file /php_action/removeCategories.php triggered by manipulating the categoriesId parameter. The root cause is lack of input validation for externally supplied SQL statements. The issue is exploitable remot...