A vulnerability marked as critical has been reported in code-projects Online Complaint Site 1.0. Affected is an unknown function of the file /cms/admin/state.php. This manipulation of the argument state causes sql injection.

This vulnerability is tracked as CVE-2025-11530. The attack is possible to be carried out remotely. Moreover, an exploit is present.