CVE-2025-13325

CVSS v3.1

8.8

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions itsourcecode Student Information System version 1.0

Description A SQL injection issue exists in itsourcecode Student Information System version 1.0. Manipulation of the

en id

argument within the /enrollment edit1.php file can lead to SQL injection. This attack can be performed remotely. The exploit has been publicly disclosed.

Recommendations Address the SQL injection issue by sanitizing or validating the

en id

argument in the /enrollment edit1.php file.

Exploit

Fix

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2025-13325

Affected Products

Itsourcecode Student Information System

CVE-2025-13325

Weakness Enumeration

Related Identifiers

Affected Products

References · 8