PT-2025-38154 · Sourcecodester · Online Student Management System

Quchunyi2

Publicado

2025-09-17

Atualizado

2025-09-17

CVE-2025-10594

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Online Student File Management System version 1.0

Description A SQL injection flaw exists in the /admin/delete student.php file due to manipulation of the stud id argument. This issue is remotely exploitable. The exploit has been published.

Recommendations As a temporary workaround, consider restricting access to the /admin/delete student.php file to minimize the risk of exploitation. Sanitize the stud id parameter before using it in SQL queries.

Exploit

Correção

Special Elements Injection

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-89

Identificadores relacionados

CVE-2025-10594

Produtos afetados

Online Student Management System

PT-2025-38154 · Sourcecodester · Online Student Management System

CVE-2025-10594

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8