CVE-2025-6668 – Code-projects Inventory Management System SQL Injection Vulnerability

June 25, 2025

CVE ID : CVE-2025-6668

Published : June 25, 2025, 10:15 p.m. | 4 hours, 6 minutes ago

Description : A vulnerability was found in code-projects Inventory Management System 1.0. It has been classified as critical. This affects an unknown part of the file /php_action/fetchSelectedBrand.php. The manipulation of the argument brandId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6669 – Gooaclok819 SublinkX Cryptographic Key Hard-Coding Remote Vulnerability

Next Article CVE-2025-6667 – “Code-Projects Car Rental System Unrestricted File Upload Vulnerability”

Highlights

CVE-2025-4379 – DobryCMS Reflected Cross-Site Scripting (XSS) Vulnerability

May 23, 2025

CVE ID : CVE-2025-4379

Published : May 23, 2025, 10:15 a.m. | 2 hours, 24 minutes ago

Description : DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim’s browser when specially crafted URL is opened.

A hotfix for affected versions was released on 29.04.2025. It removes the vulnerability without incrementing the version.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-6668 – Code-projects Inventory Management System SQL Injection Vulnerability

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

CVE-2025-54443 – Samsung MagicINFO 9 Server Path Traversal Vulnerability

How Hackers Help NASA Stay Secure: Inside the NASA VDP

CVE-2025-5314 – Dear Flipbook WordPress DOM-Based Reflected Cross-Site Scripting Vulnerability

كود خصم سكوات وولف 2025

CVE-2025-4379 – DobryCMS Reflected Cross-Site Scripting (XSS) Vulnerability

CVE-2025-6192 – Google Chrome Use After Free in Metrics

Microsoft Engineer Disrupts Build 2025 Keynote Over Israel Contracts

Voicebots in Banking: The New Standard for 24/7 Support

CVE-2025-6668 – Code-projects Inventory Management System SQL Injection Vulnerability

Related Posts