CVE-2025-3338

CWE-74CWE-89SQL InjectionCWE-476NULL Pointer Dereference4 documents4 sources
Severity
6.9MEDIUM
EPSS
0.2%
top 54.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Codeprojects Online Restaurant Management SystemCode-projects Online Restaurant Management System
Timeline
PublishedApr 7

Description

A vulnerability classified as critical has been found in codeprojects Online Restaurant Management System 1.0. Affected is an unknown function of the file /admin/user_save.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
codeprojects Online Restaurant Management System user_save.php sql injection2025-04-07
GHSA
GHSA-4p64-m7fw-73rf: A vulnerability classified as critical has been found in codeprojects Online Restaurant Management System 12025-04-07

📋Vendor Advisories

1
Microsoft
Crash due to a null pointer dereference in the dn_nsp_send function2023-06-13
CVE-2025-3338 (MEDIUM CVSS 6.9) | A vulnerability classified as criti | cvebase.io