CVE-2025-4728 MEDIUM

CVE-2025-4728: SourceCodester Best Online News Portal search.php sql injection

Vendor Sourcecodester
Product Best Online News Portal
Weakness CWE-89 · SQLi
Published May 15, 2025
Last update May 16, 2025
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in SourceCodester Best Online News Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /search.php. The manipulation of the argument searchtitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

May 15, 2025 CVE published
May 16, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-25928 WordPress Sitepact's Contact Form 7 Extension For Klaviyo Plugin <= 1.0.5 is vulnerable to SQL Injection CVE-2025-32626 WordPress JS Job Manager plugin <= 2.0.2 - SQL Injection vulnerability CVE-2026-7282 SourceCodester Pharmacy Sales and Inventory System ajax.php delete_expired sql injection CVE-2024-0484 code-projects Fighting Cock Information System update_mother.php sql injection CVE-2025-3957 opplus springboot-admin SysLogDao.xml sql injection