CVE-2025-1874

CWE-89SQL InjectionCWE-1165 documents4 sources
Severity
9.3CRITICAL
EPSS
0.1%
top 79.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mayuri K 101newsMayurik Best Online News Portal
Timeline
PublishedMar 3

Description

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "description" parameter in admin/add-category.php.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5mayuri_k/101news1.0

🔴Vulnerability Details

2
CVEList
SQL injection vulnerability in 101news2025-03-03
GHSA
GHSA-w362-6935-wmpr: SQL injection vulnerability have been found in 101news affecting version 12025-03-03

📋Vendor Advisories

2
Microsoft
Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix)2024-06-11
Microsoft
Command injection via array-ish $command parameter of proc_open()2024-04-09
CVE-2025-1874 (CRITICAL CVSS 9.3) | SQL injection vulnerability have be | cvebase.io