EUVD-2025-16955
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4Description
A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument change_to_admin leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Analysis
A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument change_to_admin leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Technical Context
SQL injection occurs when user-supplied input is incorporated into SQL queries without proper sanitization or parameterized queries.
Affected Products
Affected products: Anirbandutta9 News-Buzz 1.0, Code-Projects Content Management System 1.0
Remediation
Use parameterized queries or prepared statements. Apply input validation and escape special characters. Implement least-privilege database accounts.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today