A vulnerability, which was classified as critical, has been found in 1000projects ABC Courier Management 1.0. Affected by this issue is some unknown functionality of the file /add_dealerrequest.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7466 is a critical SQL Injection vulnerability identified in version 1.0 of the 1000projects ABC Courier Management software. The vulnerability exists in the /add_dealerrequest.php file, specifically through the manipulation of the 'Name' parameter. This parameter is not properly sanitized or validated, allowing an attacker to inject malicious SQL code. The vulnerability can be exploited remotely without requiring any authentication or user interaction, making it highly accessible to attackers. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the backend database, potentially leading to unauthorized data disclosure, data modification, or even complete compromise of the database server. The CVSS 4.0 base score is 6.9, indicating a medium severity level, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and partial impact on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the public disclosure of the vulnerability increases the risk of exploitation. The lack of available patches or mitigation links further exacerbates the threat. Given the nature of the software—courier management—this vulnerability could expose sensitive customer and shipment data, disrupt logistics operations, and damage organizational reputation.

CVE Database V5

Detailed information about CVE-2025-7466: SQL Injection in 1000projects ABC Courier Management affecting 1000projects ABC Courier Management. Get real-time upda

CVE-2025-7466: SQL Injection in 1000projects ABC Courier Management - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7466: SQL Injection in 1000projects ABC Courier Management

The BeeTeam368 Extensions plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_submit_upload_file() function in all versions up to, and including, 2.3.5. This makes it possible for authenticated attackers with Subscriber-level access or higher to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVE-2025-6423 is a critical security vulnerability affecting the BeeTeam368 Extensions plugin for WordPress, specifically versions up to and including 2.3.5. The vulnerability arises from improper validation of uploaded file types in the handle_submit_upload_file() function, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). This flaw allows authenticated users with as low as Subscriber-level privileges to upload arbitrary files to the server hosting the WordPress site. Since the plugin fails to restrict or validate the file types being uploaded, attackers can potentially upload malicious files such as web shells or scripts that enable remote code execution (RCE). The CVSS v3.1 score of 8.8 (High severity) reflects the vulnerability's ease of exploitation (network attack vector, low attack complexity, privileges required but only low-level), and its significant impact on confidentiality, integrity, and availability. Exploiting this vulnerability does not require user interaction and affects all versions of the plugin. Although no known exploits are currently reported in the wild, the vulnerability's nature and severity make it a prime target for attackers aiming to compromise WordPress sites by gaining remote control over the server environment. The absence of patch links suggests that a fix may not yet be publicly available, increasing the urgency for mitigation.

Detailed information about CVE-2025-6423: CWE-434 Unrestricted Upload of File with Dangerous Type in beeteam368 BeeTeam368 Extensions affecting beeteam368 BeeTe

CVE-2025-6423: CWE-434 Unrestricted Upload of File with Dangerous Type in beeteam368 BeeTeam368 Extensions - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-6423: CWE-434 Unrestricted Upload of File with Dangerous Type in beeteam368 BeeTeam368 Extensions

A vulnerability classified as critical was found in Tenda FH1201 1.2.0.14. Affected by this vulnerability is the function fromRouteStatic of the file /goform/fromRouteStatic of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7465 is a critical buffer overflow vulnerability identified in the Tenda FH1201 router, specifically affecting firmware version 1.2.0.14. The vulnerability resides in the HTTP POST request handler component, within the function fromRouteStatic located at the endpoint /goform/fromRouteStatic. The flaw is triggered by manipulating the 'page' argument in the HTTP POST request, which leads to a buffer overflow condition. This type of vulnerability can allow an attacker to overwrite memory adjacent to the buffer, potentially enabling arbitrary code execution, denial of service, or system crashes. The vulnerability is remotely exploitable without requiring user interaction or authentication, making it highly dangerous. The CVSS 4.0 base score is 8.7 (high severity), reflecting the ease of exploitation (network attack vector, low attack complexity), no privileges required, and no user interaction needed. The vulnerability impacts the confidentiality, integrity, and availability of the device, as successful exploitation could allow attackers to execute arbitrary code with elevated privileges, potentially taking full control of the router. Although no public exploits are currently known to be actively used in the wild, the exploit details have been publicly disclosed, increasing the risk of imminent exploitation by threat actors. The lack of available patches at the time of disclosure further exacerbates the risk for affected users. Given that Tenda FH1201 routers are commonly deployed in home and small office environments, exploitation could lead to compromised network infrastructure, interception of network traffic, and pivoting attacks into internal networks.

Detailed information about CVE-2025-7465: Buffer Overflow in Tenda FH1201 affecting Tenda FH1201. Get real-time updates, technical details, and mitigation strat

CVE-2025-7465: Buffer Overflow in Tenda FH1201 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7465: Buffer Overflow in Tenda FH1201

A vulnerability was found in Tenda FH1201 1.2.0.14. It has been declared as critical. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP POST Request Handler. The manipulation of the argument mit_ssid leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7463 is a critical buffer overflow vulnerability identified in the Tenda FH1201 router, specifically in version 1.2.0.14. The flaw exists within the HTTP POST request handler component, particularly in the function formWrlsafeset located in the /goform/AdvSetWrlsafeset endpoint. The vulnerability arises from improper handling of the 'mit_ssid' argument, which when manipulated by an attacker, causes a buffer overflow. This type of vulnerability can lead to arbitrary code execution or denial of service conditions. The attack vector is remote and does not require user interaction or prior authentication, making exploitation relatively straightforward. The CVSS v4.0 base score is 8.7, indicating a high severity level, with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact on confidentiality, integrity, and availability is high, as exploitation could allow an attacker to execute arbitrary code remotely, potentially taking full control of the affected device. Although no public exploits are currently known to be actively used in the wild, the exploit details have been publicly disclosed, increasing the risk of future exploitation. The lack of available patches at the time of disclosure further elevates the threat level for users of this router firmware version.

Detailed information about CVE-2025-7463: Buffer Overflow in Tenda FH1201 affecting Tenda FH1201. Get real-time updates, technical details, and mitigation strat

CVE-2025-7463: Buffer Overflow in Tenda FH1201 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7463: Buffer Overflow in Tenda FH1201

A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. This affects an unknown part of the file /product-detail.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7467: SQL Injection in code-projects Modern Bag affecting code-projects Modern Bag. Get real-time updates, technical details

CVE-2025-7467: SQL Injection in code-projects Modern Bag

CVE-2025-7467: SQL Injection in code-projects Modern Bag

Description

Technical Details

Related Threats

CVE-2025-7466: SQL Injection in 1000projects ABC Courier Management

CVE-2025-6423: CWE-434 Unrestricted Upload of File with Dangerous Type in beeteam368 BeeTeam368 Extensions

CVE-2025-7465: Buffer Overflow in Tenda FH1201

CVE-2025-7463: Buffer Overflow in Tenda FH1201

CVE-2025-7462: NULL Pointer Dereference in Artifex GhostPDL

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility