PT-2025-52447 · Code Projects · Scholars Tracking System

Guanyingxin

Publicado

2025-12-19

Atualizado

2025-12-24

CVE-2025-14950

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions code-projects Scholars Tracking System version 1.0

Description A weakness exists in code-projects Scholars Tracking System 1.0. The issue involves a SQL injection affecting an unknown function within the /delete post.php file. Manipulation of the ID argument can trigger the SQL injection. Remote exploitation is possible, and the exploit has been publicly released.

Recommendations code-projects Scholars Tracking System version 1.0: As a temporary workaround, consider restricting access to the /delete post.php file until a patch is available.

Exploit

Correção

Special Elements Injection

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-89

Identificadores relacionados

CVE-2025-14950

Produtos afetados

Scholars Tracking System

PT-2025-52447 · Code Projects · Scholars Tracking System

CVE-2025-14950

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13