CVE-2025-12252 MEDIUM

CVE-2025-12252: code-projects Online Event Judging System action.php sql injection

Vendor Code-Projects

Product Online Event Judging System

Weakness CWE-89 · SQLi

Published October 27, 2025

Last update October 27, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /ajax/action.php. The manipulation of the argument content results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.

Key dates

02Disclosure timeline

October 27, 2025 CVE published

October 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-12252

Related vulnerabilities

04Related CVE

CVE-2024-58316 Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter CVE-2026-25879 Langroid has Prompt to SQL Injection, Leading to RCE CVE-2025-21619 GLPI allows SQL injection through the rules configuration CVE-2025-60108 WordPress LambertGroup - AllInOne - Banner with Thumbnails Plugin <= 3.8 - SQL Injection Vulnerability CVE-2022-45786 Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection