CVE-2025-6840 – Code-projects Product Inventory System SQL Injection Vulnerability

June 29, 2025

CVE ID : CVE-2025-6840

Published : June 29, 2025, 3:15 a.m. | 4 hours, 6 minutes ago

Description : A vulnerability, which was classified as critical, was found in code-projects Product Inventory System 1.0. This affects an unknown part of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6841 – Code-projects Product Inventory System SQL Injection Vulnerability

Next Article Srain is a modern IRC client written in GTK

Highlights

CVE-2025-6662 – PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure

June 25, 2025

CVE ID : CVE-2025-6662

Published : June 25, 2025, 10:15 p.m. | 4 hours, 6 minutes ago

Description : PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26985.

Severity: 3.3 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

Your Slack app is getting a big upgrade – here’s how to try the new AI features

5 Kindle accessories every user should have (and why they make such a big difference)

These premium outdoor speakers made me reconsider switching to Bluetooth audio – here’s why

Google just gave its Photos app the feature upgrade it deserves – here’s what’s new

How Code Feedback MCP Enhances AI-Generated Code Quality

How Code Feedback MCP Enhances AI-Generated Code Quality

PRSS Site Creator – Create Blogs and Websites from Your Desktop

Say hello to ECMAScript 2025

HopToDesk – remote desktop tool

HopToDesk – remote desktop tool

Le notizie minori del mondo GNU/Linux e dintorni della settimana nr 26/2025

Wayland vs X11: progresso necessario o strategia di marketing?

CVE-2025-6840 – Code-projects Product Inventory System SQL Injection Vulnerability

⚡ Weekly Recap: Chrome 0-Day, 7.3 Tbps DDoS, MFA Bypass Tricks, Banking Trojan and More

China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom

Transform Your Workflow With These 10 Essential Yet Overlooked Linux Tools You Need to Try

Google DeepMind’s CEO says Gemini’s upgrades could lead to AGI — but he still thinks society isn’t “ready for it”

CVE-2025-53305 – Lucidcrew WP Forum Server CSRF Stored XSS

Citrix Patches Critical Vulns in NetScaler ADC and Gateway

CVE-2025-6662 – PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure

CVE-2025-46379 – Apache Web Server Denial of Service

CVE-2025-4148 – Netgear EX6200 Remote Buffer Overflow Vulnerability

Managing the growing risk profile of agentic AI and MCP in the enterprise

CVE-2025-6840 – Code-projects Product Inventory System SQL Injection Vulnerability

Related Posts