SQL Injection Vulnerability in News-Buzz by Code Projects
CVE-2025-5632
Key Information:
- Vendor
Code-projects
- Vendor
- CVE Published:
- 5 June 2025
Badges
What is CVE-2025-5632?
A SQL injection vulnerability has been identified in the News-Buzz 1.0 content management system developed by Code Projects. The issue resides within the /admin/users.php file, where the manipulation of the 'change_to_admin' parameter allows unauthorized users to execute arbitrary SQL queries. This vulnerability can be exploited remotely, leading to unauthorized access and manipulation of the database. As the exploit has been publicly disclosed, it poses a significant risk to affected systems, highlighting the importance of applying necessary mitigations promptly.
Affected Version(s)
Content Management System 1.0
Content Management System 1.0
News-Buzz 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved