MEDIUM🇬🇧 English

CVE-2025-13560

CVSS 5.5v4.0pub. 2025-11-23upd. 2026-04-29

A vulnerability was found in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Torrahclef Company Website Cms

    APP
    Torrahclef
    1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2025-29708CRITICAL9.8PL ✓ten sam produkt

Podatność file upload w SourceCodester Company Website CMS 1.0

CVE-2025-29709CRITICAL9.8PL ✓ten sam produkt

Podatność File Upload w SourceCodester Company Website CMS 1.0

CVE-2025-13561MEDIUM5.5ten sam produkt

A vulnerability was determined in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown c...

CVE-2025-29710MEDIUM6.1ten sam produkt

SourceCodester Company Website CMS 1.0 is vulnerable to Cross Site Scripting (XSS) via /dashboard/Services.