CVE-2025-55444

Critical CVSS: 9.8

A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution.

Vendor

Vishalmathur

Product

Online Artwork And Fine Arts Project

CWE

CWE-20

Yayın Tarihi

2025-08-20 17:15:36

Güncelleme

2025-09-11 19:16:58

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-20 Online Artwork And Fine Arts Project CRITICAL Vishalmathur 2025

Referanslar

https://gist.github.com/Anudeepkadambala/88c6065f1de1597be96e50a573cde56e https://github.com/Anudeepkadambala/CVE-Reports/blob/main/CVE-2025-55444_Disclosure.md https://github.com/Anudeepkadambala/CVE-Reports/security/advisories/GHSA-r4mf-mr9h-f27m https://github.com/mathurvishal/Online-Artwork-and-Fine-Arts-MCA-Major-Project

Benzer Kayıtlar

Medium

CVE-2026-2058

A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This im…

Critical

CVE-2025-52410

Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php e…

Medium

CVE-2025-50866

CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of t…

Medium

CVE-2025-50867

A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where th…

Medium

CVE-2025-44608

CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter.

Medium

CVE-2025-51411

A reflected cross-site scripting (XSS) vulnerability exists in Institute-of-Current-Students v1.0 via the email paramete…