Description
A vulnerability was detected in g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
References (4)
Core 4
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.332611
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.332611
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.690087
Various Sources exploit
https://github.com/Nianalb/Report_Online-Banking-System/blob/main/SQL.docx
Scores
CVSS v3
7.3
EPSS
0.0026
EPSS Percentile
17.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-74
CWE-89
Status
published
Products (1)
g33kyrash/Online-Banking-System
12dbfa690e5af649fb72d2e5d3674e88d6743455
Published
Nov 17, 2025
Tracked Since
Feb 18, 2026