SQL Injection Vulnerability in Online Complaint Site by Code-Projects
CVE-2025-63622

9.8CRITICAL

Key Information:

Vendor: Code-Projects
Status: Online Complaint Site
Vendor: CVE Published:; 29 October 2025

🔔 Create Code-Projects Vulnerability Alert

What is CVE-2025-63622?

A security flaw has been identified in Code-Projects' Online Complaint Site version 1.0, specifically related to improper handling of inputs in the /cms/admin/subcategory.php file. This vulnerability permits attackers to manipulate the 'category' parameter, leading to potential SQL injection. Exploiting this vulnerability could allow unauthorized access to the database, manipulation of data, or the retrieval of sensitive information.

References

https://github.com/xmqaq/cve/issues/2

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2025
Vulnerability Reserved
Oct 27, 2025

JSON