CVE-2025-1858

MEDIUM Year: 2025
CVSS v3 Score
7.3
High
CVSS v2 Score
7.5
High
Weakness Type
CWE-74
View all →

Vulnerability Description

A vulnerability classified as critical was found in Codezips Online Shopping Website 1.0. This vulnerability affects unknown code of the file /success.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2015-8800

HIGH
CVSS:7.3(High)

Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical Sy...

CWE-742015

CVE-2017-20197

MEDIUM
CVSS:7.3(High)

A vulnerability was found in propanetank Roommate-Bill-Tracking up to 288437f658fc9ee7d4b92a9da12557024d8bc55c. It has been declared as critical. This vulnerability affects unknown code of the file /i...

CWE-742017

CVE-2018-20914

HIGH
CVSS:7.3(High)

In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).

CWE-742018

CVE-2020-15255

HIGH
CVSS:7.3(High)

In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example...

CWE-742020

CVE-2021-0553

HIGH
CVSS:7.3(High)

In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin setttings due to unclear UI. This could lead to local escalation of privilege with User execution privileges...

CWE-742021

CVE-2021-27614

HIGH
CVSS:7.3(High)

SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application....

CWE-742021