Search criteria
10 vulnerabilities found for news-buzz by code-projects
CVE-2025-15197 (GCVE-0-2025-15197)
Vulnerability from nvd – Published: 2025-12-29 17:02 – Updated: 2025-12-30 15:58 X_Freeware
VLAI
Title
code-projects/anirbandutta9 Content Management System/News-Buzz editposts.php unrestricted upload
Summary
A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.338584 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.338584 | signaturepermissions-required |
| https://vuldb.com/?submit.724721 | third-party-advisory |
| https://github.com/Limingqian123/CVE/issues/7 | exploitissue-tracking |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Content Management System |
Affected:
1.0
|
|
| code-projects | News-Buzz |
Affected:
1.0
|
|
| anirbandutta9 | Content Management System |
Affected:
1.0
|
|
| anirbandutta9 | News-Buzz |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15197",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-30T14:15:51.455934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T15:58:27.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Limingqian123/CVE/issues/7"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Content Management System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "Content Management System",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mobird (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-29T17:02:06.458Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-338584 | code-projects/anirbandutta9 Content Management System/News-Buzz editposts.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.338584"
},
{
"name": "VDB-338584 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.338584"
},
{
"name": "Submit #724721 | Code-projects Content Management System v1.0 Arbitrary file upload vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.724721"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Limingqian123/CVE/issues/7"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-12-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-28T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-28T11:15:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects/anirbandutta9 Content Management System/News-Buzz editposts.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15197",
"datePublished": "2025-12-29T17:02:06.458Z",
"dateReserved": "2025-12-28T10:10:21.480Z",
"dateUpdated": "2025-12-30T15:58:27.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5633 (GCVE-0-2025-5633)
Vulnerability from nvd – Published: 2025-06-05 03:31 – Updated: 2025-06-05 14:09
VLAI
Title
code-projects/anirbandutta9 Content Management System/News-Buzz users.php sql injection
Summary
A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/users.php. The manipulation of the argument delete leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.311120 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.311120 | signaturepermissions-required |
| https://vuldb.com/?submit.589783 | third-party-advisory |
| https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/… | exploit |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Content Management System |
Affected:
1.0
|
|
| code-projects | News-Buzz |
Affected:
1.0
|
|
| anirbandutta9 | Content Management System |
Affected:
1.0
|
|
| anirbandutta9 | News-Buzz |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5633",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T13:19:07.569028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T14:09:04.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/sqli_users.php_delete.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Content Management System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "Content Management System",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "XU17 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/users.php. The manipulation of the argument delete leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0 ausgemacht. Davon betroffen ist unbekannter Code der Datei /admin/users.php. Durch das Manipulieren des Arguments delete mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T03:31:04.853Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-311120 | code-projects/anirbandutta9 Content Management System/News-Buzz users.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.311120"
},
{
"name": "VDB-311120 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.311120"
},
{
"name": "Submit #589783 | code-projects NEWS-BUZZ (News Management System) v1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.589783"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/sqli_users.php_delete.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-04T13:36:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects/anirbandutta9 Content Management System/News-Buzz users.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5633",
"datePublished": "2025-06-05T03:31:04.853Z",
"dateReserved": "2025-06-04T11:31:33.339Z",
"dateUpdated": "2025-06-05T14:09:04.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5632 (GCVE-0-2025-5632)
Vulnerability from nvd – Published: 2025-06-05 03:00 – Updated: 2025-06-05 14:09
VLAI
Title
code-projects/anirbandutta9 Content Management System/News-Buzz users.php sql injection
Summary
A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument change_to_admin leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.311119 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.311119 | signaturepermissions-required |
| https://vuldb.com/?submit.589781 | third-party-advisory |
| https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/… | exploit |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Content Management System |
Affected:
1.0
|
|
| code-projects | News-Buzz |
Affected:
1.0
|
|
| anirbandutta9 | Content Management System |
Affected:
1.0
|
|
| anirbandutta9 | News-Buzz |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5632",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T13:19:11.884529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T14:09:10.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/sqli_users.php_change_to_admin.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Content Management System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "Content Management System",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "XU17 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument change_to_admin leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In code-projects/anirbandutta9 Content Management System and News-Buzz 1.0 wurde eine kritische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Datei /admin/users.php. Mittels Manipulieren des Arguments change_to_admin mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T03:00:10.612Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-311119 | code-projects/anirbandutta9 Content Management System/News-Buzz users.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.311119"
},
{
"name": "VDB-311119 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.311119"
},
{
"name": "Submit #589781 | code-projects NEWS-BUZZ (News Management System) v1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.589781"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/sqli_users.php_change_to_admin.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-04T13:35:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects/anirbandutta9 Content Management System/News-Buzz users.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5632",
"datePublished": "2025-06-05T03:00:10.612Z",
"dateReserved": "2025-06-04T11:30:39.401Z",
"dateUpdated": "2025-06-05T14:09:10.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5631 (GCVE-0-2025-5631)
Vulnerability from nvd – Published: 2025-06-05 02:31 – Updated: 2025-06-05 14:09
VLAI
Title
code-projects/anirbandutta9 Content Management System/News-Buzz publicposts.php sql injection
Summary
A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been classified as critical. Affected is an unknown function of the file /publicposts.php. The manipulation of the argument post leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.311118 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.311118 | signaturepermissions-required |
| https://vuldb.com/?submit.589780 | third-party-advisory |
| https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/… | exploit |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Content Management System |
Affected:
1.0
|
|
| code-projects | News-Buzz |
Affected:
1.0
|
|
| anirbandutta9 | Content Management System |
Affected:
1.0
|
|
| anirbandutta9 | News-Buzz |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5631",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T13:19:17.055095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T14:09:25.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/sqli_publicposts.php_post.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Content Management System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "Content Management System",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "XU17 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been classified as critical. Affected is an unknown function of the file /publicposts.php. The manipulation of the argument post leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei /publicposts.php. Mittels dem Manipulieren des Arguments post mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T02:31:05.107Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-311118 | code-projects/anirbandutta9 Content Management System/News-Buzz publicposts.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.311118"
},
{
"name": "VDB-311118 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.311118"
},
{
"name": "Submit #589780 | code-projects NEWS-BUZZ (News Management System) v1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.589780"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/sqli_publicposts.php_post.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-04T13:35:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects/anirbandutta9 Content Management System/News-Buzz publicposts.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5631",
"datePublished": "2025-06-05T02:31:05.107Z",
"dateReserved": "2025-06-04T11:30:37.206Z",
"dateUpdated": "2025-06-05T14:09:25.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10758 (GCVE-0-2024-10758)
Vulnerability from nvd – Published: 2024-11-04 03:31 – Updated: 2024-11-04 17:01
VLAI
Title
code-projects/anirbandutta9 Content Management System/News-Buzz index.php sql injection
Summary
A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument user_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - SQL Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.282927 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.282927 | signaturepermissions-required |
| https://vuldb.com/?submit.436395 | third-party-advisory |
| https://github.com/EmilGallajov/zero-day/blob/mai… | exploit |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Content Management System |
Affected:
1.0
|
|
| code-projects | News-Buzz |
Affected:
1.0
|
|
| anirbandutta9 | Content Management System |
Affected:
1.0
|
|
| anirbandutta9 | News-Buzz |
Affected:
1.0
|
|
| code-projects | content_management_system |
Affected:
1.0
cpe:2.3:a:code-projects:content_management_system:*:*:*:*:*:*:*:* |
|
| code-projects | news-buzz |
Affected:
1.0
cpe:2.3:a:code-projects:news-buzz:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:code-projects:content_management_system:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "content_management_system",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:code-projects:news-buzz:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "news-buzz",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10758",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T16:57:11.538878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T17:01:46.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Content Management System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "Content Management System",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "egsec (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument user_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /index.php. Durch das Manipulieren des Arguments user_name mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T03:31:04.265Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-282927 | code-projects/anirbandutta9 Content Management System/News-Buzz index.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.282927"
},
{
"name": "VDB-282927 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.282927"
},
{
"name": "Submit #436395 | code-projects NEWS-BUZZ (News Management System) 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.436395"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/EmilGallajov/zero-day/blob/main/content_management_system_sqli.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-03T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-03T08:35:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects/anirbandutta9 Content Management System/News-Buzz index.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-10758",
"datePublished": "2024-11-04T03:31:04.265Z",
"dateReserved": "2024-11-03T07:29:27.694Z",
"dateUpdated": "2024-11-04T17:01:46.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-15197 (GCVE-0-2025-15197)
Vulnerability from cvelistv5 – Published: 2025-12-29 17:02 – Updated: 2025-12-30 15:58 X_Freeware
VLAI
Title
code-projects/anirbandutta9 Content Management System/News-Buzz editposts.php unrestricted upload
Summary
A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.338584 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.338584 | signaturepermissions-required |
| https://vuldb.com/?submit.724721 | third-party-advisory |
| https://github.com/Limingqian123/CVE/issues/7 | exploitissue-tracking |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Content Management System |
Affected:
1.0
|
|
| code-projects | News-Buzz |
Affected:
1.0
|
|
| anirbandutta9 | Content Management System |
Affected:
1.0
|
|
| anirbandutta9 | News-Buzz |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15197",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-30T14:15:51.455934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T15:58:27.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Limingqian123/CVE/issues/7"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Content Management System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "Content Management System",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mobird (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-29T17:02:06.458Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-338584 | code-projects/anirbandutta9 Content Management System/News-Buzz editposts.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.338584"
},
{
"name": "VDB-338584 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.338584"
},
{
"name": "Submit #724721 | Code-projects Content Management System v1.0 Arbitrary file upload vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.724721"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Limingqian123/CVE/issues/7"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-12-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-28T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-28T11:15:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects/anirbandutta9 Content Management System/News-Buzz editposts.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15197",
"datePublished": "2025-12-29T17:02:06.458Z",
"dateReserved": "2025-12-28T10:10:21.480Z",
"dateUpdated": "2025-12-30T15:58:27.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5633 (GCVE-0-2025-5633)
Vulnerability from cvelistv5 – Published: 2025-06-05 03:31 – Updated: 2025-06-05 14:09
VLAI
Title
code-projects/anirbandutta9 Content Management System/News-Buzz users.php sql injection
Summary
A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/users.php. The manipulation of the argument delete leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.311120 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.311120 | signaturepermissions-required |
| https://vuldb.com/?submit.589783 | third-party-advisory |
| https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/… | exploit |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Content Management System |
Affected:
1.0
|
|
| code-projects | News-Buzz |
Affected:
1.0
|
|
| anirbandutta9 | Content Management System |
Affected:
1.0
|
|
| anirbandutta9 | News-Buzz |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5633",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T13:19:07.569028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T14:09:04.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/sqli_users.php_delete.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Content Management System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "Content Management System",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "XU17 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/users.php. The manipulation of the argument delete leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0 ausgemacht. Davon betroffen ist unbekannter Code der Datei /admin/users.php. Durch das Manipulieren des Arguments delete mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T03:31:04.853Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-311120 | code-projects/anirbandutta9 Content Management System/News-Buzz users.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.311120"
},
{
"name": "VDB-311120 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.311120"
},
{
"name": "Submit #589783 | code-projects NEWS-BUZZ (News Management System) v1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.589783"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/sqli_users.php_delete.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-04T13:36:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects/anirbandutta9 Content Management System/News-Buzz users.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5633",
"datePublished": "2025-06-05T03:31:04.853Z",
"dateReserved": "2025-06-04T11:31:33.339Z",
"dateUpdated": "2025-06-05T14:09:04.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5632 (GCVE-0-2025-5632)
Vulnerability from cvelistv5 – Published: 2025-06-05 03:00 – Updated: 2025-06-05 14:09
VLAI
Title
code-projects/anirbandutta9 Content Management System/News-Buzz users.php sql injection
Summary
A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument change_to_admin leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.311119 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.311119 | signaturepermissions-required |
| https://vuldb.com/?submit.589781 | third-party-advisory |
| https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/… | exploit |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Content Management System |
Affected:
1.0
|
|
| code-projects | News-Buzz |
Affected:
1.0
|
|
| anirbandutta9 | Content Management System |
Affected:
1.0
|
|
| anirbandutta9 | News-Buzz |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5632",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T13:19:11.884529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T14:09:10.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/sqli_users.php_change_to_admin.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Content Management System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "Content Management System",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "XU17 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument change_to_admin leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In code-projects/anirbandutta9 Content Management System and News-Buzz 1.0 wurde eine kritische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Datei /admin/users.php. Mittels Manipulieren des Arguments change_to_admin mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T03:00:10.612Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-311119 | code-projects/anirbandutta9 Content Management System/News-Buzz users.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.311119"
},
{
"name": "VDB-311119 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.311119"
},
{
"name": "Submit #589781 | code-projects NEWS-BUZZ (News Management System) v1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.589781"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/sqli_users.php_change_to_admin.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-04T13:35:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects/anirbandutta9 Content Management System/News-Buzz users.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5632",
"datePublished": "2025-06-05T03:00:10.612Z",
"dateReserved": "2025-06-04T11:30:39.401Z",
"dateUpdated": "2025-06-05T14:09:10.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5631 (GCVE-0-2025-5631)
Vulnerability from cvelistv5 – Published: 2025-06-05 02:31 – Updated: 2025-06-05 14:09
VLAI
Title
code-projects/anirbandutta9 Content Management System/News-Buzz publicposts.php sql injection
Summary
A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been classified as critical. Affected is an unknown function of the file /publicposts.php. The manipulation of the argument post leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.311118 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.311118 | signaturepermissions-required |
| https://vuldb.com/?submit.589780 | third-party-advisory |
| https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/… | exploit |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Content Management System |
Affected:
1.0
|
|
| code-projects | News-Buzz |
Affected:
1.0
|
|
| anirbandutta9 | Content Management System |
Affected:
1.0
|
|
| anirbandutta9 | News-Buzz |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5631",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T13:19:17.055095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T14:09:25.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/sqli_publicposts.php_post.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Content Management System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "Content Management System",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "XU17 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been classified as critical. Affected is an unknown function of the file /publicposts.php. The manipulation of the argument post leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei /publicposts.php. Mittels dem Manipulieren des Arguments post mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T02:31:05.107Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-311118 | code-projects/anirbandutta9 Content Management System/News-Buzz publicposts.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.311118"
},
{
"name": "VDB-311118 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.311118"
},
{
"name": "Submit #589780 | code-projects NEWS-BUZZ (News Management System) v1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.589780"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/NEWS-BUZZ/sqli_publicposts.php_post.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-04T13:35:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects/anirbandutta9 Content Management System/News-Buzz publicposts.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5631",
"datePublished": "2025-06-05T02:31:05.107Z",
"dateReserved": "2025-06-04T11:30:37.206Z",
"dateUpdated": "2025-06-05T14:09:25.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10758 (GCVE-0-2024-10758)
Vulnerability from cvelistv5 – Published: 2024-11-04 03:31 – Updated: 2024-11-04 17:01
VLAI
Title
code-projects/anirbandutta9 Content Management System/News-Buzz index.php sql injection
Summary
A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument user_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - SQL Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.282927 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.282927 | signaturepermissions-required |
| https://vuldb.com/?submit.436395 | third-party-advisory |
| https://github.com/EmilGallajov/zero-day/blob/mai… | exploit |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Content Management System |
Affected:
1.0
|
|
| code-projects | News-Buzz |
Affected:
1.0
|
|
| anirbandutta9 | Content Management System |
Affected:
1.0
|
|
| anirbandutta9 | News-Buzz |
Affected:
1.0
|
|
| code-projects | content_management_system |
Affected:
1.0
cpe:2.3:a:code-projects:content_management_system:*:*:*:*:*:*:*:* |
|
| code-projects | news-buzz |
Affected:
1.0
cpe:2.3:a:code-projects:news-buzz:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:code-projects:content_management_system:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "content_management_system",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:code-projects:news-buzz:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "news-buzz",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10758",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T16:57:11.538878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T17:01:46.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Content Management System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "Content Management System",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "News-Buzz",
"vendor": "anirbandutta9",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "egsec (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument user_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /index.php. Durch das Manipulieren des Arguments user_name mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T03:31:04.265Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-282927 | code-projects/anirbandutta9 Content Management System/News-Buzz index.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.282927"
},
{
"name": "VDB-282927 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.282927"
},
{
"name": "Submit #436395 | code-projects NEWS-BUZZ (News Management System) 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.436395"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/EmilGallajov/zero-day/blob/main/content_management_system_sqli.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-03T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-03T08:35:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects/anirbandutta9 Content Management System/News-Buzz index.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-10758",
"datePublished": "2024-11-04T03:31:04.265Z",
"dateReserved": "2024-11-03T07:29:27.694Z",
"dateUpdated": "2024-11-04T17:01:46.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}