Modern Bag
Monthly
A SQL injection vulnerability exists in code-projects Modern Bag version 1.0, specifically in the /admin/contact-list.php file where the 'idStatus' parameter is insufficiently sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with proof-of-concept code available, making active exploitation likely.
CVE-2025-7513 is a critical SQL injection vulnerability in code-projects Modern Bag 1.0 affecting the /admin/slideupdate.php endpoint, where unsanitized idSlide parameter input allows unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with exploits available, enabling attackers to read, modify, or delete database records with moderate confidentiality, integrity, and availability impact.
CVE-2025-7512 is a critical SQL injection vulnerability in code-projects Modern Bag version 1.0, affecting the /contact-back.php file's contact-name parameter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has public exploit disclosure and demonstrates active exploitation potential with a CVSS score of 7.3.
CVE-2025-7510 is a critical SQL injection vulnerability in code-projects Modern Bag 1.0 affecting the /admin/productadd_back.php file, where the 'namepro' parameter is improperly sanitized allowing remote unauthenticated attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with exploit code available, and carries a CVSS 7.3 score indicating moderate-to-high real-world risk with low attack complexity. An attacker can extract, modify, or delete database contents without authentication, compromising confidentiality, integrity, and availability of the application.
CVE-2025-7509 is a critical SQL injection vulnerability in code-projects Modern Bag 1.0 affecting the /admin/slide.php endpoint via the idSlide parameter. An unauthenticated remote attacker can exploit this with no user interaction to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.
CVE-2025-7508 is a critical SQL injection vulnerability in code-projects Modern Bag 1.0 affecting the /admin/product-update.php endpoint, where the 'idProduct' parameter is improperly validated before database queries. An unauthenticated remote attacker can exploit this to execute arbitrary SQL commands, potentially exfiltrating sensitive data, modifying product information, or gaining further system access. The vulnerability has public exploit disclosure and active real-world exploitation is likely given the low attack complexity and lack of authentication requirements.
CVE-2025-7478 is a critical SQL injection vulnerability in code-projects Modern Bag 1.0 affecting the /admin/category-list.php file, where the 'idCate' parameter is not properly sanitized, allowing unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with working exploits available, and while classified as critical in the original report, the CVSS 7.3 score indicates moderate-to-high real-world risk with potential for data exfiltration, modification, and denial of service. Active exploitation is likely given public POC availability and the ease of the attack vector.
CVE-2025-7471 is a critical SQL injection vulnerability in code-projects Modern Bag version 1.0 affecting the /admin/login-back.php endpoint. An unauthenticated remote attacker can inject malicious SQL code via the 'user-name' parameter to compromise confidentiality, integrity, and availability of the application and underlying database. The vulnerability has been publicly disclosed with proof-of-concept code available, increasing real-world exploitation risk.
CVE-2025-7467 is a critical SQL injection vulnerability in code-projects Modern Bag version 1.0 affecting the /product-detail.php file's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially exfiltrate, modify, or delete database contents. The vulnerability has been publicly disclosed with exploit code available, and the CVSS 7.3 score reflects moderate-to-high real-world impact with low attack complexity and no authentication requirements.
CVE-2025-7461 is a critical SQL injection vulnerability in code-projects Modern Bag version 1.0, located in the /action.php file's proId parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially access, modify, or delete database contents. The vulnerability has been publicly disclosed with exploit code available, and the CVSS 7.3 score reflects moderate confidentiality, integrity, and availability impact; however, the attack requires no authentication or user interaction, making it immediately exploitable in network-accessible deployments.
A vulnerability has been found in code-projects Modern Bag 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A SQL injection vulnerability exists in code-projects Modern Bag version 1.0, specifically in the /admin/contact-list.php file where the 'idStatus' parameter is insufficiently sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with proof-of-concept code available, making active exploitation likely.
CVE-2025-7513 is a critical SQL injection vulnerability in code-projects Modern Bag 1.0 affecting the /admin/slideupdate.php endpoint, where unsanitized idSlide parameter input allows unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with exploits available, enabling attackers to read, modify, or delete database records with moderate confidentiality, integrity, and availability impact.
CVE-2025-7512 is a critical SQL injection vulnerability in code-projects Modern Bag version 1.0, affecting the /contact-back.php file's contact-name parameter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has public exploit disclosure and demonstrates active exploitation potential with a CVSS score of 7.3.
CVE-2025-7510 is a critical SQL injection vulnerability in code-projects Modern Bag 1.0 affecting the /admin/productadd_back.php file, where the 'namepro' parameter is improperly sanitized allowing remote unauthenticated attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with exploit code available, and carries a CVSS 7.3 score indicating moderate-to-high real-world risk with low attack complexity. An attacker can extract, modify, or delete database contents without authentication, compromising confidentiality, integrity, and availability of the application.
CVE-2025-7509 is a critical SQL injection vulnerability in code-projects Modern Bag 1.0 affecting the /admin/slide.php endpoint via the idSlide parameter. An unauthenticated remote attacker can exploit this with no user interaction to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.
CVE-2025-7508 is a critical SQL injection vulnerability in code-projects Modern Bag 1.0 affecting the /admin/product-update.php endpoint, where the 'idProduct' parameter is improperly validated before database queries. An unauthenticated remote attacker can exploit this to execute arbitrary SQL commands, potentially exfiltrating sensitive data, modifying product information, or gaining further system access. The vulnerability has public exploit disclosure and active real-world exploitation is likely given the low attack complexity and lack of authentication requirements.
CVE-2025-7478 is a critical SQL injection vulnerability in code-projects Modern Bag 1.0 affecting the /admin/category-list.php file, where the 'idCate' parameter is not properly sanitized, allowing unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with working exploits available, and while classified as critical in the original report, the CVSS 7.3 score indicates moderate-to-high real-world risk with potential for data exfiltration, modification, and denial of service. Active exploitation is likely given public POC availability and the ease of the attack vector.
CVE-2025-7471 is a critical SQL injection vulnerability in code-projects Modern Bag version 1.0 affecting the /admin/login-back.php endpoint. An unauthenticated remote attacker can inject malicious SQL code via the 'user-name' parameter to compromise confidentiality, integrity, and availability of the application and underlying database. The vulnerability has been publicly disclosed with proof-of-concept code available, increasing real-world exploitation risk.
CVE-2025-7467 is a critical SQL injection vulnerability in code-projects Modern Bag version 1.0 affecting the /product-detail.php file's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially exfiltrate, modify, or delete database contents. The vulnerability has been publicly disclosed with exploit code available, and the CVSS 7.3 score reflects moderate-to-high real-world impact with low attack complexity and no authentication requirements.
CVE-2025-7461 is a critical SQL injection vulnerability in code-projects Modern Bag version 1.0, located in the /action.php file's proId parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially access, modify, or delete database contents. The vulnerability has been publicly disclosed with exploit code available, and the CVSS 7.3 score reflects moderate confidentiality, integrity, and availability impact; however, the attack requires no authentication or user interaction, making it immediately exploitable in network-accessible deployments.
A vulnerability has been found in code-projects Modern Bag 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.