PT-2025-36401 · Itsourcecode · Itsourcecode Student Information Management System

Huayer

Published

2025-09-06

Updated

2025-09-09

CVE-2025-10062

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions itsourcecode Student Information Management System version 1.0

Description A vulnerability exists in itsourcecode Student Information Management System that allows for SQL injection. The issue affects an unknown part of the /admin/login.php file. Manipulation of the uname argument can lead to exploitation. The attack can be launched remotely, and the exploit has been publicly disclosed.

Recommendations As a temporary workaround, consider restricting access to the /admin/login.php file until a fix is available. Sanitize the uname argument to prevent SQL injection attacks.

Exploit

Fix

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2025-10062

Affected Products

Itsourcecode Student Information Management System

CVE-2025-10062

Weakness Enumeration

Related Identifiers

Affected Products

References · 11