CVE-2025-51092
CRITICAL
LogIn-SignUp - SQL Injection via Unsafe Query Construction in DataBase.php
Title source: llm
Description
The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn() and signUp() build queries by directly concatenating user input and unvalidated table names without using prepared statements. While a prepareData() function exists, it is insufficient to prevent SQL injection and does not sanitize the table name.
Scores
CVSS v3: 9.8
EPSS: 0.0038
EPSS Percentile: 30.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-89
Status: published
Products (1): vishnusivadas/login-signup
Published: Aug 22, 2025
Tracked Since: Feb 18, 2026