CVE-2025-13276 MEDIUM

CVE-2025-13276: g33kyrash Online-Banking-System index.php sql injection

Vendor G33Kyrash
Product Online-Banking-System
Weakness CWE-89 · SQLi
Published November 17, 2025
Last update November 17, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was detected in g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Key dates

02Disclosure timeline

November 17, 2025 CVE published
November 17, 2025 Record updated