SQL Injection Vulnerability in Simple Forum by Code-Projects
CVE-2025-6844

6.9MEDIUM

Key Information:

Vendor: Code-projects
Status: Simple Forum
Vendor: CVE Published:; 29 June 2025

🔔 Create Code-projects Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-6844?

A vulnerability in Simple Forum version 1.0 relates to an insecure handling of user input in the /signin.php file, allowing attackers to perform SQL injection attacks. This weakness permits remote attackers to manipulate the User parameter, potentially leading to unauthorized access to sensitive database information. Given that the exploit has been publicly disclosed, it poses a significant risk to users and administrators who have not yet implemented security measures to mitigate this issue.

Affected Version(s)

Simple Forum 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-6844 - Proof of Concept