CVE-2025-13395 MEDIUM

CVE-2025-13395: codehub666 94list function.php Login SQL injection

Vendor Codehub666
Product 94list
Weakness CWE-89 · SQLi
Published November 19, 2025
Last update November 19, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. The impacted element is the function Login of the file /function.php. The manipulation results in SQL injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited. This product does not use versioning, which is why information about affected and unaffected releases is unavailable.

Key dates

02 Disclosure timeline

November 19, 2025 CVE published
November 19, 2025 Record updated