CVE-2025-0207

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 4, 2025
Updated: Jan 10, 2025
CWE ID 89
CWE ID 74

Summary

CVE-2025-0207: A critical SQL injection vulnerability has been identified in the Online Shoe Store 1.0 software. The issue lies within an unknown functionality of the /function/login.php file, allowing attackers to manipulate the password argument and execute malicious SQL commands. The vulnerability can be exploited remotely, and the exploit has been disclosed to the public. Users are strongly advised to patch their systems to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share