CVE-2025-2657 – projectworlds Apartment Visitors Management System front.php sql injection

https://notcve.org/view.php?id=CVE-2025-2657

23 Mar 2025 — A vulnerability classified as critical was found in projectworlds Apartment Visitors Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /front.php. The manipulation of the argument rid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ydnd/cve/issues/5 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •