VDB-329950 · CVE-2025-12280 · GCVE-100-329950

code-projects Client Details System 1.0 /update-clients.php କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ

Dogoggorri kan akka ସମସ୍ୟାଜନକ jedhamuun ramadame code-projects Client Details System 1.0 keessatti argameera. Miidhaan irra gahe is hojii hin beekamne faayilii /update-clients.php keessa. Dhugumatti jijjiirraa gara କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-79 si geessa. Beekumsi kun yeroo 10/26/2025 ifoomsifameera. Odeeffannoon kun buufachuuf github.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2025-12280 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana github.com irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Once again VulDB remains the best source for vulnerability data.

2 ଆଡାପ୍ଟେସନ୍ · 85 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 10/26/2025 05:21 PM	ଅଦ୍ୟତନ 1/1 10/27/2025 11:42 PM
software_vendor	code-projects	code-projects
software_name	Client Details System	Client Details System
software_version	1.0	1.0
software_file	/update-clients.php	/update-clients.php
vulnerability_cwe	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)
vulnerability_risk	1	1
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	H	H
cvss3_vuldb_ui	R	R
cvss3_vuldb_s	U	U
cvss3_vuldb_c	N	N
cvss3_vuldb_i	L	L
cvss3_vuldb_a	N	N
cvss3_vuldb_e	P	P
cvss3_vuldb_rc	R	R
advisory_url	https://github.com/hellonewbie/tutorial/issues/8	https://github.com/hellonewbie/tutorial/issues/8
exploit_availability	1	1
exploit_publicity	1	1
exploit_url	https://github.com/hellonewbie/tutorial/issues/8	https://github.com/hellonewbie/tutorial/issues/8
source_cve	CVE-2025-12280	CVE-2025-12280
cna_responsible	VulDB	VulDB
software_type	Project Management Software	Project Management Software
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_au	M	M
cvss2_vuldb_ci	N	N
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	N	N
cvss2_vuldb_e	POC	POC
cvss2_vuldb_rc	UR	UR
cvss4_vuldb_av	N	N
cvss4_vuldb_ac	L	L
cvss4_vuldb_pr	H	H
cvss4_vuldb_ui	P	P
cvss4_vuldb_vc	N	N
cvss4_vuldb_vi	L	L
cvss4_vuldb_va	N	N
cvss4_vuldb_e	P	P
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_rl	X	X
cvss4_vuldb_at	N	N
cvss4_vuldb_sc	N	N
cvss4_vuldb_si	N	N
cvss4_vuldb_sa	N	N
cvss2_vuldb_basescore	3.3	3.3
cvss2_vuldb_tempscore	2.8	2.8
cvss3_vuldb_basescore	2.4	2.4
cvss3_vuldb_tempscore	2.2	2.2
cvss3_meta_basescore	2.4	2.4
cvss3_meta_tempscore	2.2	2.3
cvss4_vuldb_bscore	4.8	4.8
cvss4_vuldb_btscore	1.9	1.9
advisory_date	1761429600 (10/26/2025)	1761429600 (10/26/2025)
price_0day	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was found in code-projects Client Details System 1.0. This issue affects some unknown processing of the file /update-clients.php. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
cvss4_cna_av		N
cvss4_cna_ac		L
cvss4_cna_at		N
cvss4_cna_pr		H
cvss4_cna_ui		P
cvss4_cna_vc		N
cvss4_cna_vi		L
cvss4_cna_va		N
cvss4_cna_sc		N
cvss4_cna_si		N
cvss4_cna_sa		N
cvss4_cna_bscore		4.8
cvss3_cna_av		N
cvss3_cna_ac		L
cvss3_cna_pr		H
cvss3_cna_ui		R
cvss3_cna_s		U
cvss3_cna_c		N
cvss3_cna_i		L
cvss3_cna_a		N
cvss3_cna_basescore		2.4
cvss2_cna_av		N
cvss2_cna_ac		L
cvss2_cna_au		M
cvss2_cna_ci		N
cvss2_cna_ii		P
cvss2_cna_ai		N
cvss2_cna_basescore		3.3

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Interested in the pricing of exploits?

See the underground prices here!