CVE-2025-65354
CRITICAL
Puneethreddyhc Event Management - SQL Injection
Improper input handling in /Grocery/search_products_itname.php in PuneethReddyHC event-management 1.0 permits SQL injection via the sitem_name POST parameter. Crafted payloads can alter query logic and disclose database contents. Exploitation may result in sensitive data disclosure and backend compromise.
Exploits (2)
Scores
CVSS v3: 9.8
EPSS: 0.0002
EPSS Percentile: 5.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-89
Status: published
Products (1): puneethreddyhc/event_management 1.0
Published: Dec 23, 2025
Tracked Since: Feb 18, 2026