CVE-2025-14834 MEDIUM

CVE-2025-14834: code-projects Simple Stock System checkuser.php sql injection

Vendor Code-Projects

Product Simple Stock System

Weakness CWE-89 · SQLi

Published December 17, 2025

Last update February 24, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A weakness has been identified in code-projects Simple Stock System 1.0. This affects an unknown function of the file /checkuser.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

Key dates

02Disclosure timeline

December 17, 2025 CVE published

February 24, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-14834

Related vulnerabilities

04Related CVE

CVE-2025-6767 sfturing hosp_order DoctorServiceImpl.java findDoctorByCondition sql injection CVE-2024-5108 Campcodes Complete Web-Based School Management System student_payment_details4.php sql injection CVE-2024-0685 Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection CVE-2024-10597 ESAFENET CDG PolicyActionService.java delPolicyAction sql injection CVE-2023-6657 SourceCodester Simple Student Attendance System student_form.php sql injection