CVE Vulnerabilities

CVE-2025-2419

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Published: Mar 17, 2025 | Modified: Mar 18, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /InsertFeedback.php. The manipulation of the argument txtName/txtEmail/txtMobile/txtFeedback leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Weakness

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Potential Mitigations

References