CVE-2025-13575 | code-projects Blog Site 1.0 Category blog.php category_exists name/field sql injection

Inserito da Angelo Barbosa | Nov 23, 2025 | CVE

A vulnerability described as critical has been identified in code-projects Blog Site 1.0. Impacted is the function category_exists of the file /resources/functions/blog.php of the component Category Handler. Such manipulation of the argument name/field leads to sql injection.

This vulnerability is listed as CVE-2025-13575. The attack may be performed from remote. In addition, an exploit is available.

Multiple endpoints are affected.

CVE-2025-13575 | code-projects Blog Site 1.0 Category blog.php category_exists name/field sql injection

Post correlati

CVE-2025-51488 | MoonShine 3.12.3 Name cross site scripting

CVE-2024-47088 | Apex Softcell LD Geo API Login excessive authentication (CIVN-2024-0296)

CVE-2025-2034 | PHPGurukul Pre-School Enrollment System 1.0 edit-class.php?cid=1 classname sql injection

CVE-2024-6898 | SourceCodester Record Management System 1.0 index.php UserName sql injection