CVE-2025-6484 – Code-projects Online Shopping Store SQL Injection

June 22, 2025

CVE ID : CVE-2025-6484

Published : June 22, 2025, 5:15 p.m. | 7 hours, 39 minutes ago

Description : A vulnerability was found in code-projects Online Shopping Store 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /action.php. The manipulation of the argument cat_id/brand_id/keyword/proId/pid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6485 – TOTOLINK A3002R OS Command Injection Vulnerability

Next Article CVE-2025-6482 – “Simple Pizza Ordering System SQL Injection Vulnerability”

Highlights

CVE-2025-46546 – Sherpa Orchestrator Blind SQL Injection Vulnerability

April 24, 2025

CVE ID : CVE-2025-46546

Published : April 25, 2025, 3:15 a.m. | 36 minutes ago

Description : In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll, /api/gui/processVersion/export/csv/, /api/gui/processVersion/export/xlsx/, /api/gui/processVersion/list/, /api/gui/robot/list/, /api/gui/task/export/csv/, /api/gui/task/export/xlsx/, and /api/gui/task/list/.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

Best early Prime Day Nintendo Switch deals: My 17 favorite sales live now

How I use VirtualBox to run any OS on my Mac – including Linux

Apple will give you a free pair of AirPods when you buy a MacBook or iPad for school – here’s who’s eligible

How Apple’s biggest potential acquisition ever could perplex AI rivals like Google

Music Streaming Platform using PHP and MySQL

Music Streaming Platform using PHP and MySQL

Solutions That Benefit Everyone – Why Inclusive Design Matters for All

Reducing Barriers Across Industries Through Inclusive Design

Windows 11 Installation Assistant Download: 2025 Guide

Windows 11 Installation Assistant Download: 2025 Guide

Didn’t Receive Gears of War: Reloaded Code? Explainer

Fix Vibrant Visuals Greyed Out in Minecraft Bedrock

CVE-2025-6484 – Code-projects Online Shopping Store SQL Injection

Typhoon-like gang slinging TLS certificate ‘signed’ by the Los Angeles Police Department

Wedding Invitation Scam: SpyMax RAT Targets Indian WhatsApp Users, Stealing OTPs & Banking Credentials

OpenFeign vs WebClient: How to Choose a REST Client for Your Spring Boot Project

Best Free and Open Source Alternatives to Progress Chef

Bert ransomware: what you need to know

So your friend has been hacked: Could you be next?

CVE-2025-46546 – Sherpa Orchestrator Blind SQL Injection Vulnerability

CVE-2025-3058 – Xelion Webchat WordPress Privilege Escalation Vulnerability

CVE-2025-5292 – Elementor Element Pack Addons Stored Cross-Site Scripting Vulnerability

CVE-2024-45380 – Here is a title for a vulnerability: Apache Struts Deserialization Vulnerability

CVE-2025-6484 – Code-projects Online Shopping Store SQL Injection

Related Posts