CVE-2025-14249 | code-projects Online Ordering System 1.0 /user_school.php product_id sql injection

Inserito da Angelo Barbosa | Dic 8, 2025 | CVE

A vulnerability was found in code-projects Online Ordering System 1.0 and classified as critical. The affected element is an unknown function of the file /user_school.php. The manipulation of the argument product_id results in sql injection.

This vulnerability was named CVE-2025-14249. The attack may be performed from remote. In addition, an exploit is available.

CVE-2025-14249 | code-projects Online Ordering System 1.0 /user_school.php product_id sql injection

Post correlati

CVE-2024-1137 | TIBCO ActiveSpaces Enterprise Edition up to 4.9.0 Client access control

CVE-2025-57808 | ESPHome 2025.8.0 web_server incorrect implementation of authentication algorithm (GHSA-mxh2-ccgj-8635)

CVE-2024-25148 | Liferay Portal/DXP WYSIWYG Editor doAsUserId information disclosure

CVE-2025-0396 | exelban stats up to 2.11.21 XPC Service shouldAcceptNewConnection command injection