CVE-2025-0176

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Jan 3, 2025

CWE ID 89

CWE ID 74

Summary

CVE-2025-0176 is a critical vulnerability affecting the Point of Sales and Inventory Management System 1.0 from code-projects. An attacker can exploit this issue by manipulating the id/qty argument in the /user/add_cart.php file, leading to SQL injection. The exploit can be initiated remotely, making it a significant threat. The vulnerability has been publicly disclosed, increasing the risk of attacks. It is recommended that users of this system update to the latest version or take other appropriate measures to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Code Projects

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2HwP4O
https://www.cve.org/CVERecord?id=CVE-2025-0176
https://nvd.nist.gov/vuln/detail/CVE-2025-0176

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2025-0176

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations