CVE-2025-5432 | AssamLook CMS 1.0 /view_tender.php ID sql injection

Inserito da Angelo Barbosa | Giu 1, 2025 | CVE

A vulnerability has been found in AssamLook CMS 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_tender.php. The manipulation of the argument ID leads to sql injection.

This vulnerability is known as CVE-2025-5432. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5432 | AssamLook CMS 1.0 /view_tender.php ID sql injection

Post correlati

CVE-2024-30656 | Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-20240110-1956 Deauth Frame denial of service

CVE-2024-32042 | CyberPower PowerPanel up to 4.9.0 storing passwords in a recoverable format (icsa-24-123-01)

CVE-2024-22239 | VMware Aria Operations for Networks prior 6.12 Console Local Privilege Escalation (VMSA-2024-0002)

CVE-2024-2663 | ZD YouTube FLV Player Plugin up to 1.2.6 on WordPress server-side request forgery