SQL Injection Vulnerability in Code-Projects Vehicle Management Software
CVE-2025-8330

9.8CRITICAL

Key Information:

Vendor: Code-Projects
Status: Vehicle Management
Vendor: CVE Published:; 30 July 2025

🔔 Create Code-Projects Vulnerability Alert

What is CVE-2025-8330?

A serious SQL injection vulnerability has been identified in the Vehicle Management software version 1.0 from Code-Projects. This flaw resides in the /edit1.php file, where improper handling of input arguments allows attackers to manipulate the 'sno' parameter, enabling them to execute arbitrary SQL commands remotely. This vulnerability can potentially expose sensitive data or allow for unauthorized access to the database. Given its public disclosure, organizations using this software are advised to implement immediate security measures and updates to mitigate potential exploitation.

References

https://code-projects.org/

https://github.com/zgqsdx/cve/issues/1

https://vuldb.com/?ctiid.318280

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 30, 2025

JSON