CVE-2025-3018

MEDIUM Year: 2025
CVSS v3 Score
7.5
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-74
View all →

Vulnerability Description

A vulnerability, which was classified as critical, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Users.php?f=delete. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2010-3668

HIGH
CVSS:7.5(High)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.

CWE-742010

CVE-2015-3200

HIGH
CVSS:7.5(High)

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NU...

CWE-742015

CVE-2015-8258

HIGH
CVSS:7.5(High)

AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."

CWE-742015

CVE-2016-7125

HIGH
CVSS:7.5(High)

ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session da...

CWE-742016

CVE-2017-14523

HIGH
CVSS:7.5(High)

WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only...

CWE-742017