SQL Injection Vulnerability in code-projects Inventory Management System by Code-Projects
CVE-2025-6834

7.3HIGH

Key Information:

Vendor: Code-Projects
Status: Inventory Management System
Vendor: CVE Published:; 29 June 2025

🔔 Create Code-Projects Vulnerability Alert

What is CVE-2025-6834?

A vulnerability identified in the code-projects Inventory Management System 1.0 allows an attacker to exploit the file /php_action/editPayment.php by manipulating the argument orderId. This leads to SQL injection, enabling remote attackers to execute arbitrary SQL queries on the database. Due to the public disclosure of this exploit, it poses a significant risk to the security and integrity of user data.

References

https://code-projects.org/

https://github.com/xiaoqitc/cve-/issues/5

https://vuldb.com/?ctiid.314278

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2025