PT-2025-31463 · Unknown · Intern Membership Management System
Xuanyuesanshi
·
Published
2025-07-31
·
Updated
2025-08-05
·
CVE-2025-8339
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Intern Membership Management System version 1.0
Description
A critical issue exists in Intern Membership Management System 1.0. The vulnerability is due to SQL injection caused by the manipulation of the
user name/password argument in the /student login.php file. This allows for remote exploitation. The exploit for this issue has been publicly disclosed.Recommendations
As a temporary workaround, consider restricting access to the
/student login.php file until a fix is available.
Sanitize the user name and password parameters before using them in SQL queries.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Intern Membership Management System