CVE-2025-11584

CWE-74CWE-89SQL InjectionCWE-732Incorrect Permission Assignment4 documents4 sources
Severity
6.9MEDIUM
EPSS
0.0%
top 92.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Code-projects Online JOB Search EngineFabian Online JOB Search Engine
Timeline
PublishedOct 10

Description

A vulnerability has been found in code-projects Online Job Search Engine 1.0. The affected element is an unknown function of the file /searchjob.php. The manipulation of the argument txtspecialization leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
code-projects Online Job Search Engine searchjob.php sql injection2025-10-10
GHSA
GHSA-wg8q-68f2-hvw4: A vulnerability has been found in code-projects Online Job Search Engine 12025-10-10

📋Vendor Advisories

1
Microsoft
cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-i2025-06-10
CVE-2025-11584 (MEDIUM CVSS 6.9) | A vulnerability has been found in c | cvebase.io