A vulnerability has been found in Code-Projects Point of Sales and Inventory Management System 1.0 and classified as critical by the disclosing database. Affected is an unspecified function of the file /user/search_num.php. Manipulation of the argument search leads to SQL injection. The attack can be launched remotely. According to the disclosure, an exploit has been published and may be used. The CVSS base score is 5.3 (medium); organizations should address the issue within their normal patch cycle, and sooner where the application is reachable from untrusted networks.
Risk to organizations includes unauthorized reading of data, data corruption, and more generally the ability for an attacker to run attacker-chosen SQL against the application's database. The score rates confidentiality and integrity impact as low, but a point-of-sale and inventory application holds sales, stock and customer records, so the score should not be read as the ceiling of what can be lost.
The vulnerability has been publicly disclosed. No active exploitation has been confirmed, but organizations are advised to monitor their systems for unusual activity against the affected endpoint. Prompt remediation shortens the window of exposure.
Organizations should prioritize patching. Updating to a fixed version of the affected product is the proper remediation; this page does not identify a fixed release, so confirm with the vendor before assuming one exists.
Vulnerability Details
This vulnerability affects Code-Projects Point of Sales and Inventory Management System 1.0 and was classified as critical by the disclosing database. The affected file is /user/search_num.php, where manipulation of the search argument leads to SQL injection.
The CVSS base score is 5.3 (medium). The attack vector is described as network-based, with low attack complexity and low privileges required, and the vulnerability may allow an attacker to read data they are not authorized to see. Note that 5.3 is not what a CVSS 3.1 vector of network access, low complexity, low privileges, no user interaction and low confidentiality, integrity and availability impact produces (that vector scores 6.3), so verify the score and vector against the official record before using them for prioritization.
Technical Analysis
The root cause is insufficient input validation on the search parameter in /user/search_num.php, and more specifically the absence of a parameterized query: the request value is incorporated into the SQL text, so quote characters and SQL keywords supplied in the request change the query that the database executes. The attack can be executed remotely without user interaction.
Attack complexity is low and only low privileges are required. The scored impacts are low confidentiality, integrity and availability; in practice the reachable impact depends on the privileges of the database account the application uses and on which other tables share that database.
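The following is an added illustration, not code from the Code-Projects application or from the disclosure. It models the reported pattern (a search value spliced into SQL text) beside the parameterized form that fixes it, using an in-memory SQLite table and a constructed tautology payload; the table schema, the row data and the payload are assumptions made for the example.

```python
import sqlite3

# Constructed sample data standing in for the application's real schema,
# which this page does not describe. Assumed for the example only.
SAMPLE_ROWS = [
    (1, "1001", "Widget", 10),
    (2, "1002", "Gadget", 5),
    (3, "2001", "Gizmo", 0),
]


def make_db():
    """Build an in-memory database with a small inventory table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER, num TEXT, name TEXT, qty INTEGER)")
    conn.executemany("INSERT INTO items VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def search_num_vulnerable(conn, search):
    """The bug pattern: the request parameter becomes part of the SQL text.

    A quote in `search` closes the string literal, after which the rest of
    the value is parsed as SQL. This is the shape of the flaw the advisory
    describes; the exact query in the product is not known from the page.
    """
    sql = "SELECT id, num, name FROM items WHERE num LIKE '%" + search + "%'"
    return conn.execute(sql).fetchall()


def search_num_fixed(conn, search):
    """Hardened form: the value is bound as a parameter, never parsed as SQL.

    The wildcard characters are added in Python, so the user can still do a
    substring search, but nothing they type can alter the query structure.
    """
    sql = "SELECT id, num, name FROM items WHERE num LIKE ?"
    return conn.execute(sql, ("%" + search + "%",)).fetchall()


def demo():
    """Run both variants with a benign value and a constructed injection payload.

    Returns the number of rows each call produced so the difference is visible:
    the payload turns the WHERE clause into a tautology in the vulnerable
    version and is merely a literal substring (matching nothing) in the fixed one.
    """
    conn = make_db()
    benign = "100"                 # should match items 1001 and 1002 only
    payload = "%' OR 1=1 --"       # constructed tautology; '--' comments out the rest
    return {
        "vuln_benign": len(search_num_vulnerable(conn, benign)),
        "vuln_payload": len(search_num_vulnerable(conn, payload)),
        "fixed_benign": len(search_num_fixed(conn, benign)),
        "fixed_payload": len(search_num_fixed(conn, payload)),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable function returns every row for the payload because the query degenerates to `WHERE num LIKE '%%' OR 1=1`; the fixed function returns nothing because it searches for that text literally. In PHP the same fix is a prepared statement with bound parameters (PDO or MySQLi); validating that the field is numeric is a worthwhile extra layer but does not replace it.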
Risk & Impact Analysis
Organizations running Code-Projects Point of Sales and Inventory Management System in production are exposed through this vulnerability. Unauthorized access to the sales, inventory and customer data such a system holds can have direct operational and financial impact.
Remediation urgency is assessed as medium. Organizations should schedule remediation promptly, particularly given the public disclosure, and treat instances reachable from the internet as higher priority.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | Not confirmed here (the disclosure text states an exploit has been published) |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
The affected version is Code-Projects Point of Sales and Inventory Management System 1.0. No fixed version is named here; organizations should treat every release up to and including 1.0 as vulnerable until the vendor publishes a fix.
Mitigation & Remediation
Organizations should update to a vendor-fixed version of Code-Projects Point of Sales and Inventory Management System if one is available. If no patch is available, the effective code-level fix is to rewrite the query in /user/search_num.php to use a prepared statement with bound parameters (PDO or MySQLi in PHP); input validation, such as rejecting anything but digits if the field is a numeric search, is a useful additional layer but not a substitute. Compensating controls include restricting network access to the application, a WAF rule covering the search parameter on this endpoint, and ensuring the application's database account has no more privileges than the application needs.
Detection Guidance
Monitor web server logs for requests to /user/search_num.php whose search parameter contains quote characters, SQL comment sequences (--, /*, #) or SQL keywords such as UNION, SELECT, OR 1=1, SLEEP or BENCHMARK, and for bursts of such requests from a single source. Where database query logging is available, look for queries from the application containing those constructs, unexpected UNION clauses, or references to tables the search page should never touch. Unusually large or slow responses from this endpoint are a secondary indicator.
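As an added example (not part of the original advisory), the following scanner applies the guidance above to web server access logs: it parses combined-format lines, decodes the search parameter of requests to /user/search_num.php, and reports the injection indicators found. The log lines are constructed for the example and the indicator list is a starting point, not a complete signature set; it assumes the parameter arrives in a GET query string, which the page does not state.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines in combined format. These are made up
# for this example and do not come from any real deployment.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jan/2025:10:00:01 +0000] "GET /user/search_num.php?search=1001 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Jan/2025:10:00:05 +0000] "GET /user/search_num.php?search=%25%27+OR+1%3D1+-- HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2025:10:00:09 +0000] "GET /user/search_num.php?search=1%27+UNION+SELECT+username%2Cpassword+FROM+users-- HTTP/1.1" 200 4096 "-" "python-requests/2.31"
198.51.100.7 - - [10/Jan/2025:10:00:12 +0000] "GET /user/search_num.php?search=2001 HTTP/1.1" 200 480 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jan/2025:10:00:15 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

AFFECTED_PATH = "/user/search_num.php"
PARAM = "search"

# Indicators applied to the decoded parameter value. Ordinary product numbers
# contain none of these; an SQL injection attempt almost always needs one.
INDICATORS = [
    (re.compile(r"'"), "single quote"),
    (re.compile(r"--|/\*|#"), "comment sequence"),
    (re.compile(r"\b(union|select|or|and|sleep|benchmark|information_schema)\b", re.I), "sql keyword"),
]


def decoded_search_param(target):
    """Return the decoded `search` value if the target is the affected endpoint, else None.

    parse_qs undoes percent-encoding and '+' so that encoded payloads are
    inspected in the form the application would actually see.
    """
    parts = urlsplit(target)
    if parts.path != AFFECTED_PATH:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM)
    return values[0] if values else None


def classify(value):
    """Return the labels of every indicator that matches the decoded value."""
    return [label for pattern, label in INDICATORS if pattern.search(value)]


def scan_log(text):
    """Scan log text and return one finding per suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        value = decoded_search_param(m.group("target"))
        if value is None:
            continue  # other endpoints or no search parameter
        hits = classify(value)
        if hits:
            findings.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "search": value,
                "indicators": hits,
            })
    return findings


def sources(findings):
    """Distinct source addresses that sent flagged requests, sorted."""
    return sorted({f["ip"] for f in findings})


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

Requests carrying benign numeric values are not reported; the two requests with a quote, a comment sequence and SQL keywords are. If the application reads the parameter from a POST body, the access log will not contain it and the same check has to run in the application, a reverse proxy or a WAF that logs request bodies.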
AppSecure Threat Intelligence Insight
This SQL injection vulnerability is another instance of a recurring weakness in small web applications: user input concatenated into SQL. Security teams should require parameterized queries as a coding standard and verify it in code review and testing rather than relying on input validation alone.
For further guidance, see our vulnerability management program design, which covers how proactive measures reduce exposure.
Finally, penetration testing of deployed applications of this kind is an effective way to validate the security posture and uncover similar vulnerabilities before attackers do.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.