MEDIUM Severity

CVE-2025-5332

SQL Injection in 1000 Projects Online Notice Board 1.0

Overview

A SQL injection vulnerability has been identified in 1000 Projects Online Notice Board 1.0. The flaw is triggered by manipulating the 'email' argument passed to the '/index.php' file and allows an attacker to alter the SQL query the application builds from that value, which may lead to unauthorized access to data.

Technical Details

The vulnerability exists because user-supplied input is placed into an SQL query without adequate sanitization or parameterization. An unauthenticated, remote attacker can therefore change the structure of the query, potentially leading to a data breach.

CVSS Metrics

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • User interaction: NONE
  • Confidentiality impact: LOW
  • Integrity impact: LOW
  • Availability impact: LOW
  • Base score: 7.3
  • Base severity: HIGH

Impact

Successful exploitation enables an attacker to alter SQL statements, leading to unauthorized read and write operations against the database. This affects the confidentiality, integrity and availability of data, each rated Low in the CVSS metrics above.

Recommendations

To mitigate this vulnerability, use prepared statements or parameterized queries for every database access that incorporates user-supplied data, validate and sanitize user input as an additional layer of defense, and update the application with any available security patches.
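The following is an added example, not code from the 1000 Projects Online Notice Board project, illustrating the two patterns the recommendation contrasts. The application itself is PHP, so the fix there would use PDO prepared statements (prepare/execute with bound parameters); the example uses Python with an in-memory SQLite table so it runs offline. The 'users' table, its two rows and the email validation regex are assumptions made for the demonstration and are not taken from the affected application.

```python
import re
import sqlite3

# Constructed sample data standing in for a user table; the real schema of
# 1000 Projects Online Notice Board is not documented on this page.
SAMPLE_USERS = [
    ("alice@example.com", "s3cret-alice"),
    ("bob@example.com", "s3cret-bob"),
]

# Simple allowlist pattern for the 'email' argument (assumed for this example).
# Validation is defense in depth only; it does not replace parameterization.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def make_db() -> sqlite3.Connection:
    """Create an in-memory database populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """Vulnerable pattern: the 'email' value is concatenated into the SQL text.

    Quote characters in the value change the structure of the query, which is
    the class of defect described for CVE-2025-5332.
    """
    query = f"SELECT email, password FROM users WHERE email = '{email}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, email: str) -> list:
    """Hardened pattern: the value is bound as a parameter.

    The database driver sends the value separately from the statement, so it is
    only ever compared as data and never parsed as SQL.
    """
    return conn.execute(
        "SELECT email, password FROM users WHERE email = ?", (email,)
    ).fetchall()


def is_plausible_email(value: str) -> bool:
    """Reject input that cannot be an e-mail address before it reaches the query."""
    return EMAIL_RE.fullmatch(value) is not None


def demo() -> dict:
    """Run both lookups with a benign value and with a tautology payload."""
    conn = make_db()
    benign = "alice@example.com"
    # Payload closes the string literal, appends an always-true condition and
    # comments out the trailing quote the query template would otherwise add.
    payload = "' OR '1'='1' -- "
    return {
        "vuln_benign": lookup_vulnerable(conn, benign),
        "vuln_payload": lookup_vulnerable(conn, payload),   # returns every row
        "safe_benign": lookup_parameterized(conn, benign),
        "safe_payload": lookup_parameterized(conn, payload),  # returns no rows
        "payload_passes_validation": is_plausible_email(payload),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the concatenated query the payload turns `WHERE email = '...'` into `WHERE email = '' OR '1'='1' -- '`, so every row in the table is returned; the parameterized version compares the whole payload string against the column and matches nothing. The validator catches this particular payload too, but it cannot be relied on alone, which is why the parameterized query is the primary fix.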

Threat Metrics

  • cvss_score: 7.3
  • severity: MEDIUM
  • attack_vector: NETWORK
  • attack_complexity: LOW