CVE-2025-5483 - LC Wizard 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation
CVE ID : CVE-2025-5483
Published : Nov. 7, 2025, 3:27 a.m. | 26 minutes ago
Description : The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO functionality is enabled.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5483
Published : Nov. 7, 2025, 3:27 a.m. | 26 minutes ago
Description : The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO functionality is enabled.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64328 - FreePBX Administration GUI is Vulnerable to Authenticated Command Injection
CVE ID : CVE-2025-64328
Published : Nov. 7, 2025, 3:32 a.m. | 22 minutes ago
Description : FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as an asterisk user. This issue is fixed in version 17.0.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64328
Published : Nov. 7, 2025, 3:32 a.m. | 22 minutes ago
Description : FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as an asterisk user. This issue is fixed in version 17.0.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12352 - Gravity Forms <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image'
CVE ID : CVE-2025-12352
Published : Nov. 7, 2025, 5:15 a.m. | 2 hours, 38 minutes ago
Description : The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This only impacts sites that have allow_url_fopen set to `On`, the post creation form enabled along with a file upload field for the post
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12352
Published : Nov. 7, 2025, 5:15 a.m. | 2 hours, 38 minutes ago
Description : The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This only impacts sites that have allow_url_fopen set to `On`, the post creation form enabled along with a file upload field for the post
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4519 - IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function
CVE ID : CVE-2025-4519
Published : Nov. 7, 2025, 5:16 a.m. | 2 hours, 38 minutes ago
Description : The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to initiate a password reset for any user (including administrators) and elevate their privileges for full site takeover.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4519
Published : Nov. 7, 2025, 5:16 a.m. | 2 hours, 38 minutes ago
Description : The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to initiate a password reset for any user (including administrators) and elevate their privileges for full site takeover.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4522 - IDonate 2.0.0 - 2.1.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete Function
CVE ID : CVE-2025-4522
Published : Nov. 7, 2025, 5:16 a.m. | 2 hours, 38 minutes ago
Description : The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter value to the wp_delete_user() function, authenticated attackers, with Subscriber-level access and above could delete arbitrary user accounts, including those of administrators.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4522
Published : Nov. 7, 2025, 5:16 a.m. | 2 hours, 38 minutes ago
Description : The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter value to the wp_delete_user() function, authenticated attackers, with Subscriber-level access and above could delete arbitrary user accounts, including those of administrators.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64329 - containerd CRI server: Host memory exhaustion through Attach goroutine leak
CVE ID : CVE-2025-64329
Published : Nov. 7, 2025, 5:16 a.m. | 2 hours, 38 minutes ago
Description : containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up an admission controller to control accesses to pods/attach resources.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64329
Published : Nov. 7, 2025, 5:16 a.m. | 2 hours, 38 minutes ago
Description : containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up an admission controller to control accesses to pods/attach resources.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64336 - ClipBucket v5's Manage Photo Feature is Vulnerable to Stored XSS Attack via Photo Title
CVE ID : CVE-2025-64336
Published : Nov. 7, 2025, 5:16 a.m. | 2 hours, 38 minutes ago
Description : ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code. While the payload does not execute in the user-facing photo gallery or detail pages, it is rendered unsafely in the Admin → Manage Photos section, resulting in JavaScript execution in the administrator’s browser. This issue is fixed in version 5.5.2-#147.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64336
Published : Nov. 7, 2025, 5:16 a.m. | 2 hours, 38 minutes ago
Description : ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code. While the payload does not execute in the user-facing photo gallery or detail pages, it is rendered unsafely in the Admin → Manage Photos section, resulting in JavaScript execution in the administrator’s browser. This issue is fixed in version 5.5.2-#147.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64338 - Apache Struts SQL Injection
CVE ID : CVE-2025-64338
Published : Nov. 7, 2025, 5:16 a.m. | 2 hours, 38 minutes ago
Description : Rejected reason: This CVE is a duplicate of another CVE.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64338
Published : Nov. 7, 2025, 5:16 a.m. | 2 hours, 38 minutes ago
Description : Rejected reason: This CVE is a duplicate of another CVE.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12520 - WP Airbnb Review Slider <= 4.2 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE ID : CVE-2025-12520
Published : Nov. 7, 2025, 6:15 a.m. | 1 hour, 38 minutes ago
Description : The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2 due to insufficient URL validation that allows users to pull in a malicious HTML file. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12520
Published : Nov. 7, 2025, 6:15 a.m. | 1 hour, 38 minutes ago
Description : The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2 due to insufficient URL validation that allows users to pull in a malicious HTML file. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12527 - Page & Post Notes <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Note Update/Deletion
CVE ID : CVE-2025-12527
Published : Nov. 7, 2025, 6:15 a.m. | 1 hour, 38 minutes ago
Description : The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydev_notes_save_dashboard_data' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify notes.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12527
Published : Nov. 7, 2025, 6:15 a.m. | 1 hour, 38 minutes ago
Description : The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydev_notes_save_dashboard_data' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify notes.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64339 - ClipBucket v5: Stored XSS Vulnerability in Manage Playlists
CVE ID : CVE-2025-64339
Published : Nov. 7, 2025, 6:15 a.m. | 1 hour, 38 minutes ago
Description : ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting (XSS),specifically in the Playlist Name field. An authenticated low-privileged user can create a playlist with a malicious name containing HTML/JavaScript code, which is rendered unescaped on playlist detail and listing pages. This results in arbitrary JavaScript execution in every viewer’s browser, including administrators. This issue is fixed in version 5.5.2-#147.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64339
Published : Nov. 7, 2025, 6:15 a.m. | 1 hour, 38 minutes ago
Description : ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting (XSS),specifically in the Playlist Name field. An authenticated low-privileged user can create a playlist with a malicious name containing HTML/JavaScript code, which is rendered unescaped on playlist detail and listing pages. This results in arbitrary JavaScript execution in every viewer’s browser, including administrators. This issue is fixed in version 5.5.2-#147.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64343 - (conda) Constructor: Excessive permissions during and after installation
CVE ID : CVE-2025-64343
Published : Nov. 7, 2025, 6:15 a.m. | 1 hour, 38 minutes ago
Description : (conda) Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write access by authenticated users. Any logged in user can make modifications during the installation for both single-user and all-user installations. This constitutes a local attack vector if the installation is in a directory local users have access to. For single-user installations in a shared directory, these permissions persist after the installation. This issue is fixed in version 3.13.0.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64343
Published : Nov. 7, 2025, 6:15 a.m. | 1 hour, 38 minutes ago
Description : (conda) Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write access by authenticated users. Any logged in user can make modifications during the installation for both single-user and all-user installations. This constitutes a local attack vector if the installation is in a directory local users have access to. For single-user installations in a shared directory, these permissions persist after the installation. This issue is fixed in version 3.13.0.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64346 - archives: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE ID : CVE-2025-64346
Published : Nov. 7, 2025, 6:15 a.m. | 1 hour, 38 minutes ago
Description : archives is a Go library for extracting archives (tar, zip, etc.). Version 1.0.0 does not prevent a malicious user to feed a specially crafted archive to the library causing RCE, modification of files or other malignancies in the context of whatever the user is running this library as, through the program that imports it. Severity depends on user permissions, environment and how arbitrary archives are passed. This issue is fixed in version 1.0.1.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64346
Published : Nov. 7, 2025, 6:15 a.m. | 1 hour, 38 minutes ago
Description : archives is a Go library for extracting archives (tar, zip, etc.). Version 1.0.0 does not prevent a malicious user to feed a specially crafted archive to the library causing RCE, modification of files or other malignancies in the context of whatever the user is running this library as, through the program that imports it. Severity depends on user permissions, environment and how arbitrary archives are passed. This issue is fixed in version 1.0.1.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10966 - missing SFTP host verification with wolfSSH
CVE ID : CVE-2025-10966
Published : Nov. 7, 2025, 7:26 a.m. | 28 minutes ago
Description : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10966
Published : Nov. 7, 2025, 7:26 a.m. | 28 minutes ago
Description : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46413 - BUFFALO WSR-1800AX4 Weak Password Hash Vulnerability
CVE ID : CVE-2025-46413
Published : Nov. 7, 2025, 9:15 a.m. | 2 hours, 38 minutes ago
Description : Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46413
Published : Nov. 7, 2025, 9:15 a.m. | 2 hours, 38 minutes ago
Description : Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10870 - SQL injection in DIAL's CentrosNet
CVE ID : CVE-2025-10870
Published : Nov. 7, 2025, 10:15 a.m. | 1 hour, 38 minutes ago
Description : SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in '/centrosnet/ultralogin.php'.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10870
Published : Nov. 7, 2025, 10:15 a.m. | 1 hour, 38 minutes ago
Description : SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in '/centrosnet/ultralogin.php'.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10968 - SQLi in GG Soft's PaperWork
CVE ID : CVE-2025-10968
Published : Nov. 7, 2025, 1:15 p.m. | 39 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection.This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10968
Published : Nov. 7, 2025, 1:15 p.m. | 39 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection.This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12853 - SourceCodester Best House Rental Management System admin_class.php delete_house sql injection
CVE ID : CVE-2025-12853
Published : Nov. 7, 2025, 1:15 p.m. | 39 minutes ago
Description : A vulnerability was determined in SourceCodester Best House Rental Management System 1.0. This affects the function delete_house of the file /admin_class.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12853
Published : Nov. 7, 2025, 1:15 p.m. | 39 minutes ago
Description : A vulnerability was determined in SourceCodester Best House Rental Management System 1.0. This affects the function delete_house of the file /admin_class.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12854 - newbee-mall-plus seckillExecution executeSeckill authorization
CVE ID : CVE-2025-12854
Published : Nov. 7, 2025, 1:15 p.m. | 39 minutes ago
Description : A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass. It is possible to initiate the attack remotely. The attack is considered to have high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12854
Published : Nov. 7, 2025, 1:15 p.m. | 39 minutes ago
Description : A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass. It is possible to initiate the attack remotely. The attack is considered to have high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12855 - code-projects Responsive Hotel Site newsletterdel.php sql injection
CVE ID : CVE-2025-12855
Published : Nov. 7, 2025, 1:32 p.m. | 22 minutes ago
Description : A security flaw has been discovered in code-projects Responsive Hotel Site 1.0. This issue affects some unknown processing of the file /admin/newsletterdel.php. The manipulation of the argument eid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12855
Published : Nov. 7, 2025, 1:32 p.m. | 22 minutes ago
Description : A security flaw has been discovered in code-projects Responsive Hotel Site 1.0. This issue affects some unknown processing of the file /admin/newsletterdel.php. The manipulation of the argument eid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12856 - code-projects Responsive Hotel Site reservation.php sql injection
CVE ID : CVE-2025-12856
Published : Nov. 7, 2025, 1:32 p.m. | 22 minutes ago
Description : A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12856
Published : Nov. 7, 2025, 1:32 p.m. | 22 minutes ago
Description : A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...