CVE-2025-14834

CWE-74 CWE-89 — SQL Injection CWE-770 — Allocation without Limits4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.0%

top 88.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Simple Stock System Carmelo Simple Stock System

Timeline

PublishedDec 17

Latest updateDec 18

Description

A weakness has been identified in code-projects Simple Stock System 1.0. This affects an unknown function of the file /checkuser.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5code-projects/simple_stock_system1.0

▶NVDcarmelo/simple_stock_system1.0

🔴Vulnerability Details

GHSA

GHSA-jgjr-prwm-9w9x: A weakness has been identified in code-projects Simple Stock System 1↗2025-12-18

▶

CVEList

code-projects Simple Stock System checkuser.php sql injection↗2025-12-17

▶

📋Vendor Advisories

Microsoft

A vulnerability was found in dnsmasq before version 2.81 where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.↗2020-01-14

▶