A vulnerability classified as critical was found in code-projects Mobile Shop 1.0. This vulnerability affects unknown code of the file /EditMobile.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7459 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Mobile Shop application. The vulnerability exists in the /EditMobile.php file, where the 'ID' parameter is improperly sanitized, allowing an attacker to manipulate the SQL query executed by the backend database. This flaw enables remote attackers to inject arbitrary SQL commands without any authentication or user interaction, potentially leading to unauthorized data access, data modification, or even complete compromise of the underlying database. The vulnerability is exploitable over the network, increasing its risk profile. Although the exact database type and query structure are unspecified, the injection vector through the 'ID' parameter suggests that the application fails to use parameterized queries or adequate input validation. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the absence of authentication and user interaction requirements but limited impact on confidentiality, integrity, and availability (all rated low). No known exploits are currently reported in the wild, and no patches have been published yet. However, public disclosure of the exploit details increases the likelihood of exploitation attempts.

CVE Database V5

Detailed information about CVE-2025-7459: SQL Injection in code-projects Mobile Shop affecting code-projects Mobile Shop. Get real-time updates, technical detai

CVE-2025-7459: SQL Injection in code-projects Mobile Shop - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7459: SQL Injection in code-projects Mobile Shop

A vulnerability, which was classified as critical, was found in Campcodes Online Movie Theater Seat Reservation System 1.0. This affects an unknown part of the file /admin/manage_movie.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7457 is a SQL Injection vulnerability identified in version 1.0 of the Campcodes Online Movie Theater Seat Reservation System. The vulnerability exists in the /admin/manage_movie.php file, specifically through the manipulation of the 'ID' parameter. This parameter is not properly sanitized or validated, allowing an attacker to inject malicious SQL code. The vulnerability can be exploited remotely without any authentication or user interaction, which significantly increases the risk of exploitation. The SQL Injection flaw could allow an attacker to execute arbitrary SQL commands on the backend database, potentially leading to unauthorized data access, data modification, or even deletion. Given that the vulnerability affects an administrative interface, successful exploitation could compromise sensitive operational data related to movie scheduling, seat reservations, and possibly user information. The CVSS 4.0 base score is 6.9, indicating a medium severity level, with the vector highlighting that the attack requires no privileges, no user interaction, and has low complexity. The impact on confidentiality, integrity, and availability is limited but present, as the vulnerability allows partial compromise of data. Although no public exploits are currently known in the wild, the vulnerability has been publicly disclosed, increasing the likelihood of exploitation attempts. No official patches or mitigation links have been provided by the vendor as of the publication date.

Detailed information about CVE-2025-7457: SQL Injection in Campcodes Online Movie Theater Seat Reservation System affecting Campcodes Online Movie Theater Seat 

CVE-2025-7457: SQL Injection in Campcodes Online Movie Theater Seat Reservation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7457: SQL Injection in Campcodes Online Movie Theater Seat Reservation System

The article examines a malware variant associated with the SLOW#TEMPEST campaign, focusing on advanced obfuscation techniques used by the threat actors. The malware is distributed as an ISO file containing multiple files, including two malicious ones. The loader DLL, zlibwapi.dll, decrypts and executes the embedded payload, which is appended to another DLL. The analysis reveals sophisticated anti-analysis techniques, including Control Flow Graph (CFG) obfuscation using dynamic jumps and obfuscated function calls. The researchers demonstrate methods to counter these techniques using emulation and code patching. The loader DLL also employs an anti-sandbox check, only executing its payload if the target machine has at least 6 GB of RAM. The study highlights the importance of combining advanced dynamic analysis with static analysis to effectively understand and mitigate modern malware threats.

The SLOW#TEMPEST campaign involves a sophisticated malware variant distributed as an ISO file containing multiple files, including two malicious components. Central to the infection chain is a loader DLL named zlibwapi.dll, which performs decryption and execution of an embedded payload appended to another DLL. This malware employs advanced obfuscation and anti-analysis techniques to evade detection and hinder reverse engineering efforts. Notably, it uses Control Flow Graph (CFG) obfuscation through dynamic jumps and obfuscated function calls, complicating static analysis. Additionally, the loader implements anti-sandbox measures by verifying that the target system has at least 6 GB of RAM before executing the payload, thereby avoiding execution in many virtualized or sandboxed environments. Researchers have demonstrated that overcoming these obfuscation tactics requires a combination of dynamic analysis methods such as emulation and code patching alongside traditional static analysis. The malware also leverages DLL sideloading techniques (T1553.002) to execute malicious code under the guise of legitimate DLLs, and employs process injection (T1055) and code obfuscation (T1027) to maintain stealth. While no known exploits are reported in the wild, the campaign's complexity and use of multiple evasion strategies indicate a highly targeted and persistent threat actor. The analysis underscores the importance of advanced detection capabilities and layered analysis approaches to effectively identify and mitigate such threats.

AlienVault OTX General

Detailed information about Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques. Get real-time updates, technical details, and mitigat

Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques - Live Threat Intelligence - Threat Radar | OffSeq.com

Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques

An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a memory corruption that leads to a rpd crash. 











When
the logical interface using a routing instance flaps continuously, specific updates are sent to the jflow/sflow modules. This results in memory corruption, leading to an rpd crash and restart. 


Continued receipt of these specific updates will cause a sustained Denial of Service condition.


This issue affects Junos OS:

  *  All versions before 21.2R3-S9, 
  *  All versions of 21.4, 
  *  All versions of 22.2, 
  *  from 22.4 before 22.4R3-S7, 
  *  from 23.2 before 23.2R2-S3, 
  *  from 23.4 before 23.4R2-S4, 
  *  from 24.2 before 24.2R2.

CVE-2025-52955 is a vulnerability identified in the routing protocol daemon (rpd) component of Juniper Networks Junos OS, a widely used network operating system in enterprise and service provider environments. The vulnerability stems from an incorrect calculation of buffer size (classified under CWE-131), which leads to memory corruption when specific conditions are met. Specifically, when a logical interface associated with a routing instance experiences continuous flapping, it triggers the transmission of particular updates to the jflow/sflow modules. These updates cause the rpd process to corrupt memory, resulting in a crash and subsequent restart of the daemon. If the updates continue to be received, this leads to a sustained Denial of Service (DoS) condition, effectively disrupting routing operations. The flaw can be exploited by an adjacent unauthenticated attacker, meaning the attacker must have network adjacency but does not require authentication or user interaction to trigger the issue. The affected Junos OS versions include all releases before 21.2R3-S9, all versions of 21.4 and 22.2, versions from 22.4 before 22.4R3-S7, from 23.2 before 23.2R2-S3, from 23.4 before 23.4R2-S4, and from 24.2 before 24.2R2. The CVSS v3.1 base score is 6.5 (medium severity), with an attack vector of adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N, I:N), but high impact on availability (A:H). No known exploits are currently reported in the wild, and no patches are linked in the provided data, indicating that remediation may require vendor updates or configuration changes once available.

Detailed information about CVE-2025-52955: CWE-131 Incorrect Calculation of Buffer Size in Juniper Networks Junos OS affecting Juniper Networks Junos OS. Get re

CVE-2025-52955: CWE-131 Incorrect Calculation of Buffer Size in Juniper Networks Junos OS - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-52955: CWE-131 Incorrect Calculation of Buffer Size in Juniper Networks Junos OS

Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6.

Detailed information about CVE-2025-53636: CWE-400: Uncontrolled Resource Consumption in OSC ondemand affecting OSC ondemand. Get real-time updates, technical d

CVE-2025-53636: CWE-400: Uncontrolled Resource Consumption in OSC ondemand

CVE-2025-53636: CWE-400: Uncontrolled Resource Consumption in OSC ondemand

Description

Technical Details

Related Threats

CVE-2025-7459: SQL Injection in code-projects Mobile Shop

CVE-2025-7457: SQL Injection in Campcodes Online Movie Theater Seat Reservation System

CVE-2025-52955: CWE-131 Incorrect Calculation of Buffer Size in Juniper Networks Junos OS

CVE-2025-52089: n/a

CVE-2025-30661: CWE-732 Incorrect Permission Assignment for Critical Resource in Juniper Networks Junos OS

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility