CVE-2025-6871

A vulnerability classified as critical has been found in SourceCodester Simple Company Website 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Published: Jun 29, 2025
Updated: Jul 2, 2025
CVE: CVE-2025-6871
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-74
CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
oretnom23 / simple_company_website	1.0	1.0.x

https://github.com/ez-lbz/poc/issues/27
https://vuldb.com/?ctiid.314343
https://vuldb.com/?id.314343
https://vuldb.com/?submit.603641
https://www.sourcecodester.com/

Vulnerability Database

289,784

CVE-2025-6871