CVE-2025-14565

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions kidaze CourseSelectionSystem versions prior to 42cd892b40a18d50bd4ed1905fa89f939173a464

Description A flaw exists in kidaze CourseSelectionSystem that allows for remote SQL injection. The issue is located in the /Profilers/SProfile/login1.php file, specifically through manipulation of the Username argument within an unknown function. The exploit is publicly available.

Recommendations Versions prior to 42cd892b40a18d50bd4ed1905fa89f939173a464 should be updated. As a temporary workaround, restrict access to the /Profilers/SProfile/login1.php file. Sanitize the Username input to prevent SQL injection attacks.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-14565

Affected Products

Courseselectionsystem

CVE-2025-14565

Weakness Enumeration

Related Identifiers

Affected Products

References · 8