CVE-2025-13582 MEDIUM

CVE-2025-13582: code-projects Jonnys Liquor GET Parameter detail.php sql injection

Vendor Code-Projects

Product Jonnys Liquor

Weakness CWE-89 · SQLi

Published November 24, 2025

Last update November 24, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Affected by this issue is some unknown functionality of the file /detail.php of the component GET Parameter Handler. Performing manipulation of the argument Product results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

Key dates

02Disclosure timeline

November 24, 2025 CVE published

November 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-13582

Related vulnerabilities

04Related CVE

CVE-2026-4061 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'map_post_type' Parameter CVE-2025-5008 projectworlds Online Time Table Generator add_teacher.php sql injection CVE-2020-15153 Unauthenticated SQL injection in Ampache CVE-2024-9134 Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges. CVE-2021-38391