CVE-2025-65354

Critical CVSS: 9.8

Improper input handling in /Grocery/search_products_itname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitem_name POST parameter. Crafted payloads can alter query logic and disclose database contents. Exploitation may result in sensitive data disclosure and backend compromise.

Vendor

Puneethreddyhc

Product

Event Management

CWE

CWE-89

Yayın Tarihi

2025-12-23 20:15:46

Güncelleme

2026-01-06 17:17:13

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Event Management CRITICAL Puneethreddyhc 2025

Referanslar

https://github.com/amaansiddd787/CVE-2025-65354

Benzer Kayıtlar

High

CVE-2024-58316

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows…

Medium

CVE-2025-56243

A Cross-Site Scripting (XSS) vulnerability was found in the register.php page of PuneethReddyHC Event Management System…

High

CVE-2025-51970

A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0 du…