CNNVD-202511-2686 Information

Nov 24, 2025 cve

CNNVD ID

CNNVD-202511-2686

CVE-2025-13575

CNNVD Published: 2025-11-24

Description (Chinese)

Code-Projects Blog Site是Code-Projects开源的一个博客系统。 Code-Projects Blog Site 1.0版本存在SQL注入漏洞，该漏洞源于对文件/resources/functions/blog.php中参数name/field的错误操作，可能导致SQL注入。

Description (English)

Code-Projects Blog Site is an open-source blog system for Code-Projects. The Code-Projects Blog Site 1.0 contains an injection loophole in SQL, which results from an error in the parameter name/field in the file/resources/finances/blog.php, which may result in SQL injection.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

Code-Projects

Published

2025-11-24

Last Modified

2026-02-24

References

https://vuldb.com/?id.333339 https://code-projects.org/ https://vuldb.com/?submit.698769 https://github.com/Yohane-Mashiro/cve/blob/main/SQL%20injection2.md https://github.com/Yohane-Mashiro/cve/blob/main/SQL%20injection1.md https://vuldb.com/?submit.698771 https://vuldb.com/?ctiid.333339 https://access.redhat.com/security/cve/cve-2025-13575

Share on: