CVE-2025-4795

Name of the Vulnerable Software and Affected Versions: gongfuxiang schoolcms version 2.3.1

Description: A critical issue has been discovered, affecting the SaveInfo function of the file "/index.php?m=Admin&c=article&a=SaveInfo". The manipulation of the ID argument leads to SQL injection. This issue can be exploited remotely.

Recommendations: For gongfuxiang schoolcms version 2.3.1, as a temporary workaround, consider disabling the SaveInfo function until a patch is available. Restrict access to the "/index.php?m=Admin&c=article&a=SaveInfo" endpoint to minimize the risk of exploitation. Avoid using the ID argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.