11 matches found
CVE-2025-2385
The CVE-2025-2385 entry concerns code-projects Modern Bag 1.0. The vulnerability lies in the /login.php file where the parameters userEmail and userPassword are not validated, leading to SQL injection. This enables remote attackers to craft inputs that may manipulate database queries, potentially...
CVE-2025-7508
The CVE-2025-7508 entry concerns code-projects Modern Bag 1.0, with a SQL injection in /admin/product-update.php arising from unsanitized manipulation of idProduct. A remote attacker could exploit this, and public exploits have been disclosed. Multiple connected sources corroborate the presence o...
CVE-2025-7514
CVE-2025-7514 affects code-projects Modern Bag 1.0. The vulnerability is an SQL injection in /admin/contact-list.php, caused by unsanitized handling of the idStatus parameter. This allows remote exploitation and data leakage of the database as described in multiple sources. Remediation mentioned ...
CVE-2025-7461
CVE-2025-7461 affects code-projects Modern Bag 1.0, specifically the file /action.php. The vulnerability arises from improper validation of the proId parameter, enabling SQL injection and potentially allowing remote exploitation. Multiple connected sources confirm this SQLi in an unknown/unspecif...
CVE-2025-7467
CVE-2025-7467 affects code-projects Modern Bag 1.0. The vulnerability is in the file /product-detail.php where the ID parameter can be manipulated to perform SQL injection. This allows remote initiation of an attack, and the exploit has been disclosed publicly. Connected sources corroborate an SQ...
CVE-2025-7509
Summary: CVE-2025-7509 affects code-projects Modern Bag 1.0. The vulnerability is in the file /admin/slide.php, where the idSlide parameter is manipulated to cause a SQL injection. This allows remote initiation and, per the description, the exploit has been disclosed publicly. Several connected s...
CVE-2025-7510
CVE-2025-7510 concerns Modern Bag 1.0 with a SQL injection in /admin/productadd_back.php via the namepro parameter. The vulnerability allows remote exploitation and is confirmed by multiple sources referencing the same file/parameter without input validation. Affected component: the server-side c...
CVE-2025-7512
CVE-2025-7512 affects Modern Bag 1.0, with a SQL injection vulnerability in /contact-back.php triggered by the contact-name parameter. Multiple connected sources confirm remote exploitation and public disclosure. The root cause is improper handling/validation of externally supplied SQL in the con...
CVE-2025-7478
Consolidated details from connected reports confirm a SQL injection in Modern Bag 1.0, triggered by manipulating the idCate parameter in /admin/category-list.php. This vulnerability allows remote exploitation and has publicly disclosed exploit information. Reports consistently identify the root c...
CVE-2025-7471
Summary: CVE-2025-7471 affects code-projects Modern Bag 1.0. Affected component: /admin/login-back.php. Root cause: input manipulation of the parameter user-name enables SQL injection. Impact: remote exploitation with potential data theft; exploitation publicly disclosed. Evidence from connected ...
CVE-2025-7513
CVE-2025-7513 affects code-projects Modern Bag 1.0. The vulnerability is in the file /admin/slideupdate.php where manipulating the idSlide parameter allows SQL injection. Multiple sources (CNVD, CNNVD, Red Hat, NVD, CVE listings) confirm remote exploitation with publicly disclosed exploit informa...