CVE-2025-11668

CWE-74 CWE-89 — SQL Injection CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

5.1MEDIUM

EPSS

0.0%

top 99.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Automated Voting System Fabian Automated Voting System

Timeline

PublishedOct 13

Description

A vulnerability was determined in code-projects Automated Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/update_user.php. This manipulation of the argument Password causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5code-projects/automated_voting_system1.0

▶NVDfabian/automated_voting_system1.0

🔴Vulnerability Details

GHSA

GHSA-vfhx-pwpx-j9wx: A vulnerability was determined in code-projects Automated Voting System 1↗2025-10-13

▶

CVEList

code-projects Automated Voting System update_user.php sql injection↗2025-10-13

▶

📋Vendor Advisories

Microsoft

In the Linux kernel before 5.6.1 drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors aka CID-a246b4d54770.↗2020-04-14

▶