Skip to content

Commit aab8c73

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-34f8-4m2m-xpvw GHSA-8h8c-v86h-cqxj GHSA-v362-r26g-4mrc
1 parent 550dfc7 commit aab8c73

File tree

3 files changed

+172
-0
lines changed

3 files changed

+172
-0
lines changed

advisories/unreviewed/2025/12/GHSA-34f8-4m2m-xpvw/GHSA-34f8-4m2m-xpvw.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-34f8-4m2m-xpvw",
4+
"modified": "2025-12-24T03:31:33Z",
5+
"published": "2025-12-24T03:31:33Z",
6+
"aliases": [
7+
"CVE-2025-15053"
8+
],
9+
"details": "A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the argument searchbox can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15053"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://code-projects.org"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/i4G5d/CRITICAL-SEVERITY-VULNERABILITY-REPORT-Widespread-SQLI"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.337859"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.337859"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.720796"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-12-24T02:15:52Z"
55+
}
56+
}

advisories/unreviewed/2025/12/GHSA-8h8c-v86h-cqxj/GHSA-8h8c-v86h-cqxj.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-8h8c-v86h-cqxj",
4+
"modified": "2025-12-24T03:31:33Z",
5+
"published": "2025-12-24T03:31:33Z",
6+
"aliases": [
7+
"CVE-2025-15050"
8+
],
9+
"details": "A security vulnerability has been detected in code-projects Student File Management System 1.0. This affects an unknown part of the file /save_file.php. Such manipulation of the argument File leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15050"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Bai-public/CVE/issues/3"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.337857"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.337857"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.721039"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?submit.721073"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-284"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2025-12-24T01:16:14Z"
59+
}
60+
}

advisories/unreviewed/2025/12/GHSA-v362-r26g-4mrc/GHSA-v362-r26g-4mrc.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-v362-r26g-4mrc",
4+
"modified": "2025-12-24T03:31:33Z",
5+
"published": "2025-12-24T03:31:33Z",
6+
"aliases": [
7+
"CVE-2025-15052"
8+
],
9+
"details": "A vulnerability was detected in code-projects Student Information System 1.0. This vulnerability affects unknown code of the file /profile.php. Performing manipulation of the argument firstname/lastname results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15052"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://code-projects.org"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/i4G5d/CRITICAL-SECURITY-VULNERABILITY-REPORT-Stored-XSS"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.337858"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.337858"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.720765"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-79"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-12-24T02:15:52Z"
55+
}
56+
}

0 commit comments

Comments
 (0)