← volver
CVE-2025-13575

code-projects Blog Site Category blog.php category_exists sql injection

CVSS 5.3 MEDIUMEPSS 0.3%CWE-74CWE-89
A security vulnerability has been detected in code-projects Blog Site 1.0. Impacted is the function category_exists of the file /resources/functions/blog.php of the component Category Handler. Such manipulation of the argument name/field leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. Multiple endpoints are affected.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
code-projects · Blog Site

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://code-projects.org/https://github.com/Yohane-Mashiro/cve/blob/main/SQL%20injection1.mdhttps://github.com/Yohane-Mashiro/cve/blob/main/SQL%20injection2.mdhttps://vuldb.com/?ctiid.333339https://vuldb.com/?id.333339https://vuldb.com/?submit.698769https://vuldb.com/?submit.698771