Back to KEVs

CVE-2025-65354

Improper input handling in /Grocery/search_products_itname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitem_name POST...

Basic Information

CVE State
PUBLISHED
Reserved Date
November 18, 2025
Published Date
December 23, 2025
Last Updated
December 30, 2025
Vendor
n/a
Product
n/a
Description
Improper input handling in /Grocery/search_products_itname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitem_name POST parameter. Crafted payloads can alter query logic and disclose database contents. Exploitation may result in sensitive data disclosure and backend compromise.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

SSVC Information

Exploitation
poc
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-12-23 21:00:05 UTC) Source

References

https://github.com/amaansiddd787/CVE-2025-65354

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-12-23 21:00:05 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel