Mobile Shop
Monthly
CVE-2025-7612 is a critical SQL injection vulnerability in code-projects Mobile Shop 1.0 affecting the /login.php file's email parameter, allowing remote unauthenticated attackers to execute arbitrary SQL queries and potentially extract or modify sensitive data. The vulnerability has been publicly disclosed with exploit code available, making it actively exploitable in the wild. With a CVSS score of 7.3 and demonstrated public PoC availability, this represents an immediate threat to deployments of this product.
CVE-2025-7459 is a SQL injection vulnerability in code-projects Mobile Shop version 1.0, specifically in the /EditMobile.php file's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with proof-of-concept code available, creating immediate risk for deployed instances. With a CVSS score of 7.3 and network-accessible attack vector, this poses significant risk to confidentiality, integrity, and availability of affected databases.
CVE-2025-7409 is a critical SQL injection vulnerability in code-projects Mobile Shop 1.0 affecting the /LoginAsAdmin.php endpoint, where the 'email' parameter is improperly sanitized, allowing unauthenticated remote attackers to inject arbitrary SQL commands. The vulnerability has been publicly disclosed with exploits available, making it actively exploitable in the wild. With a CVSS score of 7.3 and network-accessible attack vector, this poses significant risk to confidentiality, integrity, and availability of affected systems.
CVE-2025-7612 is a critical SQL injection vulnerability in code-projects Mobile Shop 1.0 affecting the /login.php file's email parameter, allowing remote unauthenticated attackers to execute arbitrary SQL queries and potentially extract or modify sensitive data. The vulnerability has been publicly disclosed with exploit code available, making it actively exploitable in the wild. With a CVSS score of 7.3 and demonstrated public PoC availability, this represents an immediate threat to deployments of this product.
CVE-2025-7459 is a SQL injection vulnerability in code-projects Mobile Shop version 1.0, specifically in the /EditMobile.php file's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with proof-of-concept code available, creating immediate risk for deployed instances. With a CVSS score of 7.3 and network-accessible attack vector, this poses significant risk to confidentiality, integrity, and availability of affected databases.
CVE-2025-7409 is a critical SQL injection vulnerability in code-projects Mobile Shop 1.0 affecting the /LoginAsAdmin.php endpoint, where the 'email' parameter is improperly sanitized, allowing unauthenticated remote attackers to inject arbitrary SQL commands. The vulnerability has been publicly disclosed with exploits available, making it actively exploitable in the wild. With a CVSS score of 7.3 and network-accessible attack vector, this poses significant risk to confidentiality, integrity, and availability of affected systems.