CVE-2025-0171

CWE-74CWE-89SQL InjectionCWE-212CWE-787Out-of-bounds Write5 documents5 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 69.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Code-projects Chat System
Timeline
PublishedJan 2

Description

A vulnerability, which was classified as critical, was found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/deleteuser.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-j8mp-8grf-469r: A vulnerability, which was classified as critical, was found in code-projects Chat System 12025-01-02
CVEList
code-projects Chat System deleteuser.php sql injection2025-01-02

📋Vendor Advisories

2
Microsoft
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM ins2022-08-09
Cisco
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability2018-03-28
CVE-2025-0171 (MEDIUM CVSS 5.3) | A vulnerability | cvebase.io