关键信息 漏洞编号: CVE-2025-13451, VDB-333021 漏洞类型: SQL injection 漏洞等级: critical CVSS Meta Temp Score: 6.6 Current Exploit Price: $0-$5k CTI Interest Score: 2.20- Summary A vulnerability has been found in SourceCodester Online Shop Project 1.0 and classified as critical. The impacted element is an unknown function of the file /action.php. Performing manipulation of the argument Search results in sql injection. The attack can be initiated remotely. An exploit exists. Details 受影响文件: /action.php 受影响参数: search 漏洞描述: Manipulation of the search argument with an unknown input leads to a sql injection vulnerability. CWE分类: CWE-89 影响: Impact on confidentiality, integrity, and availability. 公开: The exploitability is told to be easy. Advised at github.com. No form of authentication is required for exploitation. Technical details and a public exploit are known. 攻击技术: T1505