HKritesh009 Grocery List Management Web App update.php sql injection

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in HKritesh009 Grocery List Management Web App up to f491b681eb70d465f445c9a721415c965190f83b. This affects an unknown part of the file /src/update.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Basic Information

ID CVE-2025-9749

Source VulDB

Published Aug 31, 2025 at 22:32

Affected Product

Vendor HKritesh009

Product Grocery List Management Web App

Version f491b681eb70d465f445c9a721415c965190f83b

Affected Versions HKritesh009 Grocery List Management Web App f491b681eb70d465f445c9a721415c965190f83b

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in HKritesh009 Grocery List Management Web App up to f491b681eb70d465f445c9a721415c965190f83b. This affects an unknown part of the file /src/update.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.",
    "published": "2025-08-31T22:32:06.213Z",
    "modified": "2025-08-31T22:32:06.213Z",
    "type": "cve",
    "title": "HKritesh009 Grocery List Management Web App update.php sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.322050\nhttps://vuldb.com/?ctiid.322050\nhttps://vuldb.com/?submit.640488\nhttps://gist.github.com/0xSebin/a163239e0132d7d58ef1300f321da819\nhttps://gist.github.com/0xSebin/a163239e0132d7d58ef1300f321da819#steps-to-reproduce",
    "id": "CVE-2025-9749",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "HKritesh009 Grocery List Management Web App f491b681eb70d465f445c9a721415c965190f83b",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Grocery List Management Web App",
    "version": "f491b681eb70d465f445c9a721415c965190f83b",
    "vendor": "HKritesh009",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HKritesh009 Grocery List Management Web App update.php sql injection_CVE-2025-9749