CVE-2025-61455_CVE-2025-61455

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, allowing unauthenticated attackers to bypass authentication and gain full access.

AI Analysis

SQL Injection vulnerability in Bhabishya-123 E-commerce allowing unauthenticated attackers to bypass authentication and gain full access

Basic Information

ID CVE-2025-61455

Source mitre

Published Oct 20, 2025 at 00:00

Modified Oct 20, 2025 at 13:50

Affected Product

Vendor n/a

Product n/a

Version n/a

Affected Versions n/a n/a n/a

CWE Classification

CWE-89

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Bhabishya

Product Bhabishya-123 E-commerce

Version 1.0

References

github.com /tansique-17/CVE-2025-61455

{
    "lastseen": "",
    "description": "SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, allowing unauthenticated attackers to bypass authentication and gain full access.",
    "published": "2025-10-20T00:00:00.000Z",
    "modified": "2025-10-20T13:50:19.858Z",
    "type": "cve",
    "title": "CVE-2025-61455",
    "source": "mitre",
    "references": "https://github.com/tansique-17/CVE-2025-61455",
    "id": "CVE-2025-61455",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "n/a",
    "version": "n/a",
    "vendor": "n/a",
    "ai_description": "SQL Injection vulnerability in Bhabishya-123 E-commerce allowing unauthenticated attackers to bypass authentication and gain full access",
    "ai_severity": "Critical",
    "ai_vendor": "Bhabishya",
    "ai_product": "Bhabishya-123 E-commerce",
    "ai_version": "1.0",
    "ai_score": 9.8
}