CVE-2025-5633Injection in Content Management System

CWE-74InjectionCWE-89SQL InjectionCWE-416Use After Free4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 55.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Anirbandutta9 Content Management SystemAnirbandutta9 News-buzzCode-projects Content Management System+1 more
Timeline
PublishedJun 5

Description

A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/users.php. The manipulation of the argument delete leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages6 packages

🔴Vulnerability Details

2
GHSA
GHSA-3gx7-hcg4-pm64: A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 12025-06-05
CVEList
code-projects/anirbandutta9 Content Management System/News-Buzz users.php sql injection2025-06-05

📋Vendor Advisories

1
Microsoft
Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling2023-10-10
CVE-2025-5633 — Injection in Content Management System | cvebase