CVE-2025-3684

Name of the Vulnerable Software and Affected Versions Xianqi Kindergarten Management System version 2.0 Bulid 20190808

Description A critical issue affects the unknown processing of the file stu list.php of the component Child Management. The manipulation of the argument sex leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Recommendations As a temporary workaround, consider disabling the stu list.php file or restricting access to it until a patch is available. Avoid using the sex argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.