EUVD-2025-21335

CVE-2025-7593 | Severity: HIGH
Published: 2025-07-14
CVSS 3.1 base score: 7.3

CVSS Vector (NVD): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline (4 events, newest first)

Analysis Generated: Mar 16, 2026 - 09:43 (vuln.today)
EUVD ID Assigned: Mar 16, 2026 - 09:43 (euvd), EUVD-2025-21335
PoC Detected: Sep 29, 2025 - 21:14 (vuln.today), public exploit code
CVE Published: Jul 14, 2025 - 10:15 (nvd), HIGH 7.3

Description (NVD)

A vulnerability was found in code-projects Job Diary 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view-all.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Analysis (AI)

CVE-2025-7593 is a critical SQL injection vulnerability in code-projects Job Diary 1.0 affecting the /view-all.php endpoint's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially exfiltrate sensitive data, modify records, or disrupt application availability. The vulnerability has been publicly disclosed with exploit code available, and the CVSS 7.3 score reflects moderate-to-high impact across confidentiality, integrity, and availability. This represents an active threat requiring immediate patching.

Technical Context (AI)

The vulnerability exists in Job Diary 1.0, a PHP-based web application, specifically within the /view-all.php file where user-supplied input via the ID parameter is incorporated directly into SQL queries without proper sanitization or parameterized prepared statements. This represents CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component), which encompasses SQL injection patterns where untrusted input reaches database query construction. The root cause is the failure to use prepared statements or input validation mechanisms before constructing SQL commands, allowing attackers to inject malicious SQL syntax to alter query logic. The affected product is identified as code-projects Job Diary version 1.0, distributed as a web application likely running on Apache/PHP infrastructure.

Remediation (AI)

Immediate actions:

(1) Implement input validation and parameterized prepared statements (prepared queries with bound parameters) for all database operations, especially the ID parameter in /view-all.php.
(2) Apply the principle of least privilege: database user accounts should have only the permissions the application requires.
(3) Enable SQL error suppression so database error messages are not returned to clients, preventing information disclosure.
(4) Deploy Web Application Firewall (WAF) rules to detect and block SQL injection patterns targeting /view-all.php.
(5) Monitor database activity for suspicious queries.

Vendor patch: update to a patched version of Job Diary if available from code-projects (version pending publication). If no official patch exists, temporary mitigation includes disabling /view-all.php functionality or restricting access via IP whitelisting or authentication until a patch is released. Perform comprehensive SQL injection testing post-remediation.
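Steps (1) through (3) above, sketched as an added PHP illustration. This is constructed example code, not Job Diary's source: the table name `jobs`, its columns, the DSN, the `jobdiary_ro` account and the `JOBDIARY_RO_PASSWORD` environment variable are all assumptions, since the real schema of /view-all.php is not on the page.

```php
<?php
// Added illustration, not Job Diary's source. Table "jobs", its columns and
// the connection details are assumed; the real schema is not on the page.

// The pattern behind CVE-2025-7593: the raw GET parameter is concatenated
// into the query text, so whatever it contains is parsed as SQL.
function viewAllVulnerable(PDO $db, array $get): array
{
    $sql = "SELECT * FROM jobs WHERE id = " . $get['ID']; // untrusted input in SQL text
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened version: validate the type first, then bind the value as a
// parameter so the database never interprets it as part of the statement.
function viewAllHardened(PDO $db, array $get): array
{
    // Reject anything that is not a positive integer before touching the DB.
    $id = filter_var($get['ID'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        return [];
    }
    // Fixed query text; the value travels separately as a typed parameter.
    $stmt = $db->prepare('SELECT id, title, company, created_at FROM jobs WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Connection for steps (2) and (3): server-side prepared statements (no
// client emulation), exceptions instead of silent failures, and a read-only
// account because this page only reads.
function connectReadOnly(): PDO
{
    $dsn = 'mysql:host=localhost;dbname=jobdiary;charset=utf8mb4'; // assumed
    return new PDO($dsn, 'jobdiary_ro', getenv('JOBDIARY_RO_PASSWORD'), [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]);
}

try {
    $rows = viewAllHardened(connectReadOnly(), $_GET);
} catch (PDOException $e) {
    // Step (3): keep driver errors out of the response; log them server-side.
    error_log('view-all.php DB error: ' . $e->getMessage());
    http_response_code(500);
    $rows = [];
}
```

With `display_errors` also turned off in php.ini, a request such as `/view-all.php?ID=1` returns the one matching row, while any non-integer value for ID is rejected with a 400 before a query is built.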
