CVE-2025-6344 – “Code-projects Online Shoe Store SQL Injection Vulnerability”

June 20, 2025

CVE ID : CVE-2025-6344

Published : June 20, 2025, 2:15 p.m. | 28 minutes ago

Description : A vulnerability has been found in code-projects Online Shoe Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /contactus.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleONLYOFFICE 9.0 Released with New Themes, AI Tools + More

Next Article CVE-2025-6343 – Code-projects Online Shoe Store SQL Injection Vulnerability

Highlights

CVE-2025-49843 – Conda-Smithy File Permission Bypass Vulnerability

June 17, 2025

CVE ID : CVE-2025-49843

Published : June 17, 2025, 9:15 p.m. | 1 hour, 16 minutes ago

Description : conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write access beyond the intended user/owner. This violates the principle of least privilege, which mandates restricting file permissions to the minimum necessary. An attacker could exploit this to access configuration files in shared hosting environments. This issue has been patched in version 3.47.1.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

Borderlands 4 is killing off a tired “FOMO” trend — I hope other developers follow suit

Dr. Axel’s JavaScript flashcards

Dr. Axel’s JavaScript flashcards

Syntax-Highlight – Custom Element For Syntax Highlighting Content

WelsonJS – Build a Windows app on the Windows built-in JavaScript engine

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

CVE-2025-6344 – “Code-projects Online Shoe Store SQL Injection Vulnerability”

Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

WebP Converter converts images to WebP

InnoCN 49Q1R Review – Ultrawide Curved 49” QD-OLED Gaming Monitor for Just $1000

Distribution Release: Armbian 25.05.1

Microsoft confirms KB5058379 BitLocker bug crashes Windows 10, wants recovery key

CVE-2025-49843 – Conda-Smithy File Permission Bypass Vulnerability

Microsoft brings Copilot Notebooks to OneNote for enterprise users

Building an AIOps chatbot with Amazon Q Business custom plugins

CVE-2024-13812 – “Anps Theme Plugin WordPress Shortcode Injection Vulnerability”

CVE-2025-6344 – “Code-projects Online Shoe Store SQL Injection Vulnerability”

Related Posts