Vulnerability Details CVE-2025-65354
Improper input handling in /Grocery/search_products_itname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitem_name POST parameter. Crafted payloads can alter query logic and disclose database contents. Exploitation may result in sensitive data disclosure and backend compromise.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.2%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-65354
-
cpe:2.3:a:puneethreddyhc:event_management:1.0