CVE-2025-0207
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Jan 4, 2025
Updated: Jan 10, 2025
CWE ID 89
CWE ID 74
Summary
CVE-2025-0207: A critical SQL injection vulnerability has been identified in the Online Shoe Store 1.0 software. The issue lies within an unknown functionality of the /function/login.php file, allowing attackers to manipulate the password argument and execute malicious SQL commands. The vulnerability can be exploited remotely, and the exploit has been disclosed to the public. Users are strongly advised to patch their systems to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share