CVE-2025-0846

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 30, 2025

Updated: Feb 4, 2025

CWE ID 74

CWE ID 89

Summary

CVE-2025-0846 is a critical vulnerability affecting the 1000 Projects Employee Task Management System 1.0. The issue lies within the /admin/AdminLogin.php file and allows for remote sql injection by manipulating the email argument. This means an attacker can gain unauthorized access to the system and potentially compromise sensitive data. The exploit for this vulnerability has been disclosed to the public, increasing the risk of exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/25Gts8
https://www.cve.org/CVERecord?id=CVE-2025-0846
https://nvd.nist.gov/vuln/detail/CVE-2025-0846

Back to Vulnerability Database

CVE-2025-0846

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations