CVE-2025-4173 – SourceCodester Online Eyewear Shop SQL Injection Vulnerability

May 1, 2025

CVE ID : CVE-2025-4173

Published : May 1, 2025, 5:15 p.m. | 2 hours, 11 minutes ago

Description : A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_cart of the file /oews/classes/Master.php?f=delete_cart. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-32881 – GoTenna Information Disclosure Vulnerability

Next Article Pion is a modern stack for web real-time communication

Highlights

CVE-2025-45582 – Apache GNU Tar Directory Traversal Overwrite Vulnerability

July 11, 2025

CVE ID : CVE-2025-45582

Published : July 11, 2025, 5:15 p.m. | 3 hours, 50 minutes ago

Description : GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file’s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of “Member name contains ‘..'” that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain “x -> ../../../../../home/victim/.ssh” and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which “tar xf” is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages).

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

An RTX 4060 gaming laptop for $705? Now is the perfect time to switch to PC gaming.

May 26, 2025

CVE-2025-8477 – Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

August 1, 2025

New data shows Xbox is utterly dominating PlayStation’s storefront — accounting for 60% of the Q2 top 10 game sales spots

July 30, 2025

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Can I use React Server Components (RSCs) today?

Can I use React Server Components (RSCs) today?

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2025-4173 – SourceCodester Online Eyewear Shop SQL Injection Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Error’d: Lucky Penny

CVE-2024-35164 – Apache Guacamole SSH Console Code Execution Vulnerability

Oblivion Remastered and Metal Gear Solid Delta co-developer Virtuos faces layoffs — with 270 workers cut

CVE-2025-5708 – Real Estate Property Management System SQL Injection Vulnerability

CVE-2025-45582 – Apache GNU Tar Directory Traversal Overwrite Vulnerability

An RTX 4060 gaming laptop for $705? Now is the perfect time to switch to PC gaming.

CVE-2025-8477 – Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

New data shows Xbox is utterly dominating PlayStation’s storefront — accounting for 60% of the Q2 top 10 game sales spots

CVE-2025-4173 – SourceCodester Online Eyewear Shop SQL Injection Vulnerability

Related Posts