CVE-2025-63939: Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, al

Description

Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitem_name POST parameter.

Affected Products

Vendor	Product	Versions
anirudhkannan	grocery store management system	n/a

References

https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2025-63939

Related News (1 articles)

Tier C

VulDB22h ago

CVE-2025-63939 | anirudhkannan Grocery Store Management System 1.0 POST Parameter search_products_itname.php sitem_name sql injection

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-89

PublishedApr 14, 2026

Last enriched13h agov2

Trending Score44

Source articles1

Independent1

Info Completeness7/14

Missing: epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 13h ago

v2Tier C22h ago

Updated vendor to 'anirudhkannan', product to 'Grocery Store Management System', added affected version '1.0', and marked the vulnerability as actively exploited.

affectedVersionsactivelyExploited

via VulDB

v123h ago

Initial creation