Skip to main content
CVE-2025-8348 MEDIUM POC This Month

A vulnerability has been found in Kehua Charging Pile Cloud Platform 1.0 and classified as critical. This vulnerability affects unknown code of the file /home. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Authentication Bypass Charging Pile Cloud Platform
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-8338 MEDIUM POC This Month

A vulnerability was found in projectworlds Online Admission System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adminac.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Admission System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8378 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Hotel Reservation System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8409 MEDIUM POC This Month

A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter.php. The manipulation of the argument from leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8408 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /filter1.php. The manipulation of the argument vehicle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8407 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Vehicle Management 1.0. This issue affects some unknown processing of the file /filter2.php. The manipulation of the argument from leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8376 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8375 MEDIUM POC This Month

A vulnerability was found in code-projects Vehicle Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addvehicle.php. The manipulation of the argument vehicle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8374 MEDIUM POC This Month

A vulnerability was found in code-projects Vehicle Management 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /addcompany.php. The manipulation of the argument company leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8373 MEDIUM POC This Month

A vulnerability was found in code-projects Vehicle Management 1.0. It has been classified as critical. This affects an unknown part of the file /print.php. The manipulation of the argument sno leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8372 MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/update_s7.php. The manipulation of the argument credits leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8371 MEDIUM POC This Month

A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_s5.php. The manipulation of the argument credits leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8339 MEDIUM POC This Month

A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /student_login.php. The manipulation of the argument user_name/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Intern Membership Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-50847 MEDIUM This Month

Cross-Site Request Forgery in CS-Cart 4.18.3 permits an attacker to silently add arbitrary products to an authenticated user's comparison list by tricking the victim into loading a crafted HTTP request. The impact is confined to unauthorized modification of the comparison list feature - no data exfiltration or account takeover is possible via this vector. No public exploit identified at time of analysis, and the EPSS score of 0.14% (4th percentile) reflects very low real-world exploitation interest.

CSRF Cs Cart
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-50848 MEDIUM This Month

Unrestricted HTML file upload in CS-Cart 4.18.3 enables stored cross-site scripting and phishing attacks against users of affected storefronts. An attacker who can upload files to the platform may submit a crafted HTML document subsequently served from the trusted store domain, allowing arbitrary JavaScript execution in victims' browsers or presentation of convincing fake login pages for credential harvesting. Publicly available exploit code exists on GitHub; the EPSS score of 0.22% (13th percentile) reflects low observed exploitation pressure and the vulnerability is not listed in the CISA KEV catalog.

File Upload XSS RCE Cs Cart
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy