CVE-2025-0564
Published: 19 January 2025
Description
A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /authenticate.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Security Summary
CVE-2025-0564 is a critical SQL injection vulnerability (CWE-74, CWE-89) discovered in code-projects Fantasy-Cricket version 1.0. The flaw resides in an unknown functionality of the file /authenticate.php, where manipulation of the uname argument enables SQL injection. Published on 2025-01-19, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).
The vulnerability is exploitable remotely over the network with low attack complexity, requiring no privileges, user interaction, or impact on scope. Successful exploitation allows attackers to achieve low-level impacts on confidentiality, integrity, and availability through SQL injection.
Advisories and further details, including submission records, are documented in references such as https://vuldb.com/?ctiid.292525, https://vuldb.com/?id.292525, https://vuldb.com/?submit.484186, https://code-projects.org/, and https://github.com/LiuSir5211314/-sir/issues/3.
The exploit has been disclosed publicly and may be used by attackers.
Details
- CWE(s)