Online Bidding System
A weakness has been identified in code-projects Online Bidding System 1.0.php. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
A flaw has been found in code-projects Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.
A vulnerability was detected in code-projects Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.
A security vulnerability has been detected in code-projects Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.
A flaw has been found in code-projects Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.
A vulnerability has been found in code-projects Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.
A weakness has been identified in code-projects Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.
CVE-2025-6472 is a critical SQL injection vulnerability in code-projects Online Bidding System 1.0 affecting the /showprod.php file's ID parameter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or denial of service. The vulnerability has been publicly disclosed with exploit code available, creating immediate risk for exposed instances.
CVE-2025-6471 is a critical SQL injection vulnerability in code-projects Online Bidding System version 1.0 affecting the /administrator endpoint, where the 'aduser' parameter is not properly sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. Public exploit code is available and the vulnerability is actively exploitable with no authentication required.
CVE-2025-6470 is a critical SQL injection vulnerability in code-projects Online Bidding System 1.0, specifically in the /bidlog.php file's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with proof-of-concept code available, presenting immediate exploitation risk. With a CVSS score of 7.3 and network-accessible attack vector requiring no authentication, this poses significant risk to confidentiality, integrity, and availability of affected systems.
A SQL injection vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.
CVE-2025-6468 is a critical SQL injection vulnerability in code-projects Online Bidding System version 1.0 affecting the /bidnow.php file's ID parameter. An unauthenticated remote attacker can exploit this vulnerability to read, modify, or delete database contents, potentially compromising confidentiality, integrity, and availability of the entire bidding system. The vulnerability has been publicly disclosed with proof-of-concept code available, significantly increasing exploitation risk in active deployments.
CVE-2025-6467 is a critical SQL injection vulnerability in code-projects Online Bidding System version 1.0 affecting the /login.php file's User parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially compromise data confidentiality, integrity, and availability. The vulnerability has been publicly disclosed with exploit code available, and while the CVSS score of 7.3 indicates high severity, the attack requires no authentication or user interaction, making it highly exploitable in real-world scenarios.