CVE-2025-4267 | SourceCodester/oretnom23 Stock Management System 1.0 Purchase Order Details Page view_po ID sql injection

Inserito da Angelo Barbosa | Mag 4, 2025 | CVE

A vulnerability, which was classified as critical, was found in SourceCodester/oretnom23 Stock Management System 1.0. This affects an unknown part of the file /admin/?page=purchase_order/view_po of the component Purchase Order Details Page. The manipulation of the argument ID leads to sql injection.

This vulnerability is uniquely identified as CVE-2025-4267. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2025-4267 | SourceCodester/oretnom23 Stock Management System 1.0 Purchase Order Details Page view_po ID sql injection

Post correlati

CVE-2024-51627 | Kaedinger Audio Comparison Lite Plugin up to 3.4 on WordPress cross site scripting

CVE-2024-48930 | cryptocoinjs secp256k1-node up to 3.8.0/4.0.3/5.0.0 publicKeyVerify integrity check

CVE-2024-0625 | WPFront Notification Bar up to 3.3.2 on WordPress wpfront-notification-bar-options[custom_class] cross site scripting

CVE-2024-40605 | Foreground Skin up to 1.42.1 on MediaWiki Sidebar Menu cross site scripting