CVE-2025-51671

{"id": "CVE-2025-51671", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2025-06-26T16:15:31.147", "references": [{"url": "https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/Dairy-Farm-Shop-Management-System/SQL/SQL_injection_edit-category.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability was discovered in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability allows remote attackers to execute arbitrary SQL code via the category and categorycode parameters in a POST request to the manage-categories.php file."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en PHPGurukul Dairy Farm Shop Management System 1.3. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo SQL arbitrario mediante los par\u00e1metros category y categorycode en una solicitud POST al archivo manage-categories.php."}], "lastModified": "2025-07-01T15:53:21.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpgurukul:dairy_farm_shop_management_system:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF84D11A-CCF0-49D1-8DB0-65186E8D006A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}