Description

A vulnerability was found in code-projects Inventory Management System 1.0. It has been classified as critical. This affects an unknown part of the file /php_action/fetchSelectedBrand.php. The manipulation of the argument brandId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Related CPE's

a

code-projects

inventory_management_system

1.0

Vulnerable

References

https://code-projects.org/

Product

https://github.com/lijingze-eng/cve/issues/1

ExploitIssue TrackingThird Party Advisory

https://vuldb.com/?ctiid.313881

Permissions RequiredVDB Entry

https://vuldb.com/?id.313881

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.602340

Third Party AdvisoryVDB Entry

Weaknesses

[email protected]

Secondary
CWE-74CWE-89

[email protected]

Primary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.3 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-06-25T22:15:24.450

5 months ago

Last modified

2025-06-27T17:49:20.193

5 months ago