CVE 9.8 CRITICAL

CVE-2025-65354_CVE-2025-65354

December 23, 2025 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

Description

Improper input handling in /Grocery/search_products_itname.php in PuneethReddyHC event-management 1.0 permits SQL injection via the sitem_name POST parameter. Crafted payloads can alter query logic and disclose database contents. Exploitation may result in sensitive data disclosure and backend compromise.

AI Analysis

SQL injection vulnerability in PuneethReddyHC event-management 1.0 due to improper input handling, allowing attackers to disclose database contents and potentially compromise the backend.

Basic Information

ID CVE-2025-65354

Source mitre

Published Dec 23, 2025 at 00:00

Modified Dec 23, 2025 at 19:58

Affected Product

Vendor PuneethReddyHC

Product PuneethReddyHC event-management

Version 1.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-89

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor PuneethReddyHC

Product event-management

Version 1.0

References

www.notion.so /JD-Cloud-Unauth-RCE-2d22b76e8e0c802c975bf186b208d0c2

{
    "lastseen": "",
    "description": "Improper input handling in /Grocery/search_products_itname.php in PuneethReddyHC event-management 1.0 permits SQL injection via the sitem_name POST parameter. Crafted payloads can alter query logic and disclose database contents. Exploitation may result in sensitive data disclosure and backend compromise.",
    "published": "2025-12-23T00:00:00.000Z",
    "modified": "2025-12-23T19:58:38.638Z",
    "type": "cve",
    "title": "CVE-2025-65354",
    "source": "mitre",
    "references": "https://www.notion.so/JD-Cloud-Unauth-RCE-2d22b76e8e0c802c975bf186b208d0c2",
    "id": "CVE-2025-65354",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PuneethReddyHC event-management",
    "version": "1.0",
    "vendor": "PuneethReddyHC",
    "ai_description": "SQL injection vulnerability in PuneethReddyHC event-management 1.0 due to improper input handling, allowing attackers to disclose database contents and potentially compromise the backend.",
    "ai_severity": "Critical",
    "ai_vendor": "PuneethReddyHC",
    "ai_product": "event-management",
    "ai_version": "1.0",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply