PT-2025-41575 · Unknown · Computer Laboratory System
Yulin Chen · Published 2025-10-10 · Updated 2025-10-21 · CVE-2025-60307
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
code-projects Computer Laboratory System version 1.0
Description
The software contains a SQL injection flaw. Specifically, providing a universal password in the Password field on the login page allows bypassing authentication. The affected API endpoint is the login page. The vulnerable parameter is Password.
Recommendations
Apply a fix to sanitize user input for the Password field on the login page to prevent SQL injection.
Exploit
Fix
SQL injection
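The flaw class described above, next to one way to close it, as an added example that is not code from the affected product: a login check that concatenates the Password value into the SQL text, beside the same check using bound parameters. The `users` table, the sample account, the function names and the use of SQLite are assumptions made for illustration; the product's real schema and query are not shown on this page.

```python
import sqlite3

def make_db():
    # Constructed schema and account (assumption, not the product's real tables).
    # The password is stored in plaintext only to keep the demo short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_concatenated(db, username, password):
    # Vulnerable pattern: user input becomes part of the SQL statement itself,
    # so quote characters in the Password field can rewrite the WHERE clause.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, username, password):
    # Hardened pattern: the statement text is fixed and the values are bound
    # separately, so the Password value is only ever compared as data.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None

# Constructed input of the kind the description calls a "universal password".
TAUTOLOGY = "' OR '1'='1"

def compare():
    db = make_db()
    return {
        "concat_correct": login_concatenated(db, "admin", "s3cret-constructed"),
        "concat_tautology": login_concatenated(db, "admin", TAUTOLOGY),
        "param_correct": login_parameterized(db, "admin", "s3cret-constructed"),
        "param_tautology": login_parameterized(db, "admin", TAUTOLOGY),
    }

if __name__ == "__main__":
    for name, accepted in compare().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Running the same comparison against a patched login handler is a quick regression check: the tautology input must be rejected while the correct password is still accepted.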
Weakness Enumeration
Related Identifiers
Affected Products
Computer Laboratory System