ZouLimin

5 exploits Active since Oct 2025
CVE-2025-13279 WRITEUP MEDIUM WRITEUP
Nero Social Networking Site 1.0 - SQL Injection via Profilefriends.php ID Parameter
A vulnerability was found in code-projects Nero Social Networking Site 1.0. The affected element is an unknown function of the file /profilefriends.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.
CVSS 6.3
CVE-2025-12309 WRITEUP HIGH WRITEUP
Nero Social Networking Site 1.0 - SQL Injection via ID Parameter in friendprofile.php
A weakness has been identified in code-projects Nero Social Networking Site 1.0. This affects an unknown part of the file /friendprofile.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
CVSS 7.3
CVE-2025-13277 WRITEUP HIGH WRITEUP
Nero Social Networking Site 1.0 - SQL Injection via /friendsphoto.php ID Parameter
A flaw has been found in code-projects Nero Social Networking Site 1.0. This issue affects some unknown processing of the file /friendsphoto.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.
CVSS 7.3
CVE-2025-13279 WRITEUP MEDIUM WRITEUP
Nero Social Networking Site 1.0 - SQL Injection via Profilefriends.php ID Parameter
A vulnerability was found in code-projects Nero Social Networking Site 1.0. The affected element is an unknown function of the file /profilefriends.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.
CVSS 6.3
CVE-2025-13323 WRITEUP HIGH WRITEUP
Simple Pizza Ordering System 1.0 - SQL Injection via ID Parameter in listorder.php
A security flaw has been discovered in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /listorder.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
CVSS 7.3