CVE-2025-40731

CRITICAL

Daily Expense Manager 1.0 - SQL Injection via pname, pprice, and id Parameters

Title source: llm
STIX 2.1

Description

SQL injection vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pname, pprice and id parameters in /update.php.

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0019
EPSS Percentile 40.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
code-projects/daily_expense_manager 1.0
Published Jun 30, 2025
Tracked Since Feb 18, 2026