CVE Details
Basic Information
| Title | SourceCodester Simple Company Website Login.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-29T20:32:05.871Z |
| Last Seen |
Product Information
| Vendor | SourceCodester |
|---|---|
| Product | Simple Company Website |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical SQL injection vulnerability has been identified in SourceCodester’s Simple Company Website version 1.0. This vulnerability allows remote attackers to inject malicious SQL code through the Username argument in the Login.php file, potentially leading to unauthorized database access and data manipulation. |
|---|---|
| AI Severity | Medium |
| Vendor | SourceCodester |
| Product | Simple Company Website |
| Affected Version | 1.0 |
Affected Products
- SourceCodester Simple Company Website 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability classified as critical has been found in SourceCodester Simple Company Website 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.