PT-2025-51139 · Unknown · Code-Projects Student Management System
Jjzr · Published 2025-12-14 · Updated 2025-12-19 · CVE-2025-14640
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Code-Projects Student File Management System version 1.0
Description
A flaw exists in Code-Projects Student File Management System version 1.0 that allows for SQL injection. Manipulation of the stud no argument in the /admin/save student.php file can trigger this issue. The attack can be launched remotely. The exploit has been published.
Recommendations
Apply any available updates or patches to address the SQL injection issue in the /admin/save student.php file.
As a temporary workaround, restrict access to the /admin/save student.php file to minimize the risk of exploitation.
Sanitize the stud no input to prevent SQL injection attacks.
Exploit
Fix
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Code-Projects Student Management System