PT-2025-52510 · Itsourcecode · Sourcecodester Student Management System

Meipei

Publicado

2025-12-19

Atualizado

2025-12-20

CVE-2025-14967

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0

Description A flaw exists in itsourcecode Student Management System 1.0 within an unknown functionality of the file /candidates report.php. Manipulation of the school year argument can lead to SQL injection. This attack can be initiated remotely, and an exploit is publicly available.

Recommendations Apply input validation and sanitization to the school year argument in the /candidates report.php file.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2025-14967

Produtos afetados

Sourcecodester Student Management System

PT-2025-52510 · Itsourcecode · Sourcecodester Student Management System

CVE-2025-14967

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10