PT-2025-46706 · Sourcecodester · Sourcecodester Alumni Management System
Casey33
·
Published
2025-11-12
·
Updated
2025-11-12
·
CVE-2025-13059
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SourceCodester Alumni Management System version 1.0
Description
A flaw exists in SourceCodester Alumni Management System 1.0. The issue is related to the manipulation of the
ID argument within an unknown function of the /manage career.php file, leading to a SQL injection condition. Remote exploitation is possible. The exploit has been publicly released.Recommendations
Apply any available updates or patches for SourceCodester Alumni Management System version 1.0.
As a temporary workaround, restrict access to the
/manage career.php file.
Sanitize the ID parameter before using it in any database queries.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sourcecodester Alumni Management System