EUVD-2025-18864Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php_action/changePassword.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
CVE-2025-6502 is a critical SQL injection vulnerability in code-projects Inventory Management System 1.0, specifically in the /php_action/changePassword.php file where the user_id parameter is inadequately sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit details available, increasing immediate risk of active exploitation.
Technical ContextAI
This vulnerability stems from improper input validation in a PHP-based web application (CPE: cpe:2.3:a:code-projects:inventory_management_system:1.0:*:*:*:*:*:*:*). The root cause is classified under CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component), indicating that user-supplied input in the user_id parameter is passed directly to SQL queries without proper parameterization or escaping. The affected file changePassword.php likely constructs SQL statements dynamically using string concatenation rather than prepared statements with parameterized queries, a fundamental PHP security anti-pattern. This is a server-side vulnerability requiring no client-side interaction, making it particularly dangerous in web application contexts.
RemediationAI
patch: Upgrade to patched version when available from code-projects. Monitor official vendor channels for security updates. immediate_mitigation: Implement Web Application Firewall (WAF) rules to detect and block SQL injection attempts targeting /php_action/changePassword.php, particularly patterns in user_id parameter (union, select, or, drop, etc.). code_level_fix: Refactor changePassword.php to use prepared statements with parameterized queries. Replace string concatenation in SQL queries with bind parameters (mysqli prepared statements or PDO). input_validation: Implement strict input validation: user_id should be validated as numeric (integer only) before any database operation. Use type casting: (int)$_POST['user_id'] or similar strict validation. access_control: If possible, implement rate limiting and IP-based restrictions on /php_action/changePassword.php endpoint to reduce attack surface until patched. monitoring: Enable SQL error logging and monitor for suspicious SQL syntax errors in application logs that may indicate exploitation attempts.
More from same product – last 7 days
Authentication bypass in Discuz! X5.0 releases 20260320 through 20260501 allows unauthenticated remote attackers to acce
Authenticated remote code execution in Discuz! X5.0 releases 20260320 through 20260501 allows administrators to chain a
Unauthenticated PHP Object Injection in the Happyforms WordPress plugin (versions <= 1.26.13) allows remote attackers to
Unauthenticated PHP Object Injection in the Broadcast Live Video WordPress plugin (versions prior to 7.1.3) allows remot
Unauthenticated PHP object injection in the WordPress plugin 'Integration for Keap/Infusionsoft and Contact Form 7, WPFo
Share
External POC / Exploit Code
Leaving vuln.today