CVE Details
Basic Information
| Title | code-projects Inventory Management System createUser.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-30T06:32:05.341Z |
| Last Seen |
Product Information
| Vendor | code-projects |
|---|---|
| Product | Inventory Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A SQL injection vulnerability exists in the createUser.php file of the Inventory Management System. This allows remote attackers to inject malicious SQL code, potentially leading to unauthorized data access or modification. The vulnerability has been publicly disclosed and could be exploited by remote attackers. |
|---|---|
| AI Severity | High |
| Vendor | code-projects |
| Product | Inventory Management System |
| Affected Version | 1.0 |
Affected Products
- code-projects Inventory Management System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability classified as critical has been found in code-projects Inventory Management System 1.0. Affected is an unknown function of the file /php_action/createUser.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.