A vulnerability was found in code-projects Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit_product.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7755 is a vulnerability identified in version 1.0 of the code-projects Online Ordering System. The flaw resides in the /admin/edit_product.php endpoint, specifically in the handling of the 'image' parameter. This vulnerability allows an attacker to perform an unrestricted file upload, meaning that the system does not properly validate or restrict the types or contents of files uploaded through this interface. Because the upload functionality is accessible remotely and does not require user interaction or authentication beyond low privileges, an attacker can exploit this flaw to upload malicious files such as web shells or scripts. These files could then be executed on the server, potentially leading to remote code execution, data compromise, or further system compromise. The CVSS 4.0 score of 5.3 (medium severity) reflects that while the attack vector is network-based and requires low privileges, the impact on confidentiality, integrity, and availability is limited to low levels individually, but combined could be significant. The vulnerability has been publicly disclosed, but no known exploits are currently reported in the wild. However, the presence of public disclosure increases the risk of exploitation attempts. The lack of patches or mitigation details from the vendor increases the urgency for organizations to implement compensating controls.

CVE Database V5

Detailed information about CVE-2025-7755: Unrestricted Upload in code-projects Online Ordering System affecting code-projects Online Ordering System. Get real-t

CVE-2025-7755: Unrestricted Upload in code-projects Online Ordering System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7755: Unrestricted Upload in code-projects Online Ordering System

nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin.

CVE-2025-50240 is a SQL injection vulnerability identified in nbcio-boot version 1.0.3. The vulnerability exists in the /sys/user/deleteRecycleBin endpoint, specifically via the userIds parameter. SQL injection vulnerabilities occur when untrusted input is improperly sanitized and directly incorporated into SQL queries, allowing an attacker to manipulate the database query. In this case, an attacker could craft malicious input for the userIds parameter to execute arbitrary SQL commands against the backend database. This could lead to unauthorized data access, data modification, or deletion, and potentially allow privilege escalation or further compromise of the application and underlying systems. The vulnerability does not have a CVSS score assigned yet, and no known exploits in the wild have been reported as of the published date. The lack of patch links suggests that a fix may not yet be publicly available. The vulnerability affects nbcio-boot v1.0.3, but no other version information is provided. The endpoint involved, /sys/user/deleteRecycleBin, implies that the function is related to user account management, specifically the deletion of recycled or soft-deleted user records, which could be a sensitive operation with elevated privileges. Exploitation would likely not require authentication if the endpoint is exposed without proper access controls, but this is not explicitly stated. Given the nature of SQL injection, the attack could be automated and remotely executed, increasing the risk of exploitation if the system is internet-facing or accessible by untrusted users.

Detailed information about CVE-2025-50240: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-50240: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-50240: n/a

NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may cause an exposure of sensitive information due to a shared microarchitectural predictor state that influences transient execution. A successful exploit of this vulnerability may lead to information disclosure.

CVE-2025-23269 is a medium-severity vulnerability affecting NVIDIA Jetson Orin and Xavier devices running Jetson Linux. The vulnerability arises from a shared microarchitectural predictor state within the kernel that influences transient execution, leading to exposure of sensitive information. Specifically, this is a side-channel type vulnerability related to speculative execution, where an attacker with limited privileges (low privileges) but local access can exploit the shared predictor state to infer confidential data from other processes or kernel memory. The vulnerability does not require user interaction but does require local access and has a high attack complexity, limiting remote exploitation. The affected versions include all Jetson Orin devices prior to JP5.x: 35.6.2 and JP6.x: 36.4.4, and all Jetson Xavier devices prior to JP5.x: 35.6.2. The CVSS v3.1 base score is 4.7, reflecting a medium severity primarily due to the high complexity and limited attack vector (local). The vulnerability is categorized under CWE-1423, which relates to exposure of sensitive information caused by shared microarchitectural predictor state influencing transient execution, a class of side-channel attacks similar in nature to Spectre/Meltdown variants but specific to NVIDIA's Jetson platform. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that mitigation may require vendor updates or kernel patches once available. This vulnerability could allow attackers to leak sensitive data such as cryptographic keys or proprietary information processed on these embedded AI and edge computing devices.

Detailed information about CVE-2025-23269: CWE-1423: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Trans

CVE-2025-23269: CWE-1423: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution in NVIDIA Jetson Orin and Xavier Devices - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-23269: CWE-1423: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution in NVIDIA Jetson Orin and Xavier Devices

A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /xray_form.php. The manipulation of the argument itr_no leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7754 is a SQL Injection vulnerability identified in version 1.0 of the code-projects Patient Record Management System, specifically within the /xray_form.php file. The vulnerability arises from improper sanitization or validation of the 'itr_no' parameter, which is susceptible to malicious input manipulation. An attacker can remotely exploit this flaw by injecting crafted SQL commands through the 'itr_no' argument, potentially allowing unauthorized access to the underlying database. This could lead to unauthorized data retrieval, modification, or deletion of patient records stored within the system. The vulnerability does not require user interaction and can be exploited over the network without authentication, increasing the risk of automated or widespread attacks. Although the CVSS 4.0 base score is 5.3 (medium severity), the impact on confidentiality, integrity, and availability is notable due to the sensitive nature of patient data managed by the system. No official patches or fixes have been published yet, and while no known exploits are currently observed in the wild, the public disclosure of the exploit details raises the risk of imminent exploitation attempts. The vulnerability affects only version 1.0 of the product, which suggests that organizations using this specific version are at risk. Given the criticality of healthcare data, the presence of this vulnerability in a patient record management system is a significant concern.

Detailed information about CVE-2025-7754: SQL Injection in code-projects Patient Record Management System affecting code-projects Patient Record Management Syst

CVE-2025-7754: SQL Injection in code-projects Patient Record Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7754: SQL Injection in code-projects Patient Record Management System

A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7756: Cross-Site Request Forgery in code-projects E-Commerce Site affecting code-projects E-Commerce Site. Get real-time upd

CVE-2025-7756: Cross-Site Request Forgery in code-projects E-Commerce Site

CVE-2025-7756: Cross-Site Request Forgery in code-projects E-Commerce Site

Description

Technical Details

Related Threats

CVE-2025-7755: Unrestricted Upload in code-projects Online Ordering System

CVE-2025-50240: n/a

CVE-2025-23269: CWE-1423: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution in NVIDIA Jetson Orin and Xavier Devices

CVE-2025-7754: SQL Injection in code-projects Patient Record Management System

CVE-2025-23270: CWE-392: Missing Report of Error Condition in NVIDIA Jetson Orin, IGX Orin and Xavier Devices

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility