SQL Injection Vulnerability in Code-Projects Point of Sales and Inventory Management System
CVE-2025-0176
7.5 HIGH
Summary
A SQL injection vulnerability exists in Code-Projects Point of Sales and Inventory Management System 1.0, in the request processing of the file /user/add_cart.php. Manipulating the id and qty parameters results in SQL injection, enabling attackers to execute arbitrary SQL commands. The attack can be launched remotely and can compromise user data integrity and expose sensitive information, posing significant security risks to system users.
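A detection check for the flaw described above, as an added example that is not code from the vendor or from this advisory: it scans web access logs for requests to /user/add_cart.php whose id or qty value is not a plain integer. It assumes the parameters arrive in the query string and that the server writes common/combined log format; the log lines and helper names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter names are taken from the advisory text.
TARGET_PATH = "/user/add_cart.php"
NUMERIC_PARAMS = ("id", "qty")

# Assumption: common/combined log format with the request line in quotes.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]{1,9}")  # what a cart id or quantity should look like


def suspicious_params(uri):
    """Return {param: value} for id/qty values that are not plain integers."""
    parts = urlsplit(uri)
    if parts.path != TARGET_PATH:
        return {}
    query = parse_qs(parts.query, keep_blank_values=True)  # also percent-decodes
    bad = {}
    for name in NUMERIC_PARAMS:
        for value in query.get(name, []):
            if not INTEGER_RE.fullmatch(value):
                bad[name] = value
    return bad


def scan(lines):
    """Yield (client_ip, offending_params) for each flagged log line."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if m:
            bad = suspicious_params(m.group("uri"))
            if bad:
                yield m.group("ip"), bad


# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /user/add_cart.php?id=12&qty=3 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /user/add_cart.php?id=12%27&qty=3 HTTP/1.1" 500 0',
    '203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /user/add_cart.php?id=12&qty=1%20OR%201%3D1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:01:00 +0000] "GET /user/index.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, bad in scan(SAMPLE_LOG):
        print(ip, bad)
```

Parameters sent in a POST body do not appear in access logs, so the same integer check would need to run at a proxy or WAF layer that sees request bodies.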
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published