CVE-2025-14640

CVSS v3.1

9.8

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Code-Projects Student File Management System version 1.0

Description A flaw exists in Code-Projects Student File Management System version 1.0 that allows for SQL injection. Manipulation of the

stud no

argument in the

/admin/save student.php

file can trigger this issue. The attack can be launched remotely. The exploit has been published.

Recommendations Apply any available updates or patches to address the SQL injection issue in the

/admin/save student.php

file. As a temporary workaround, restrict access to the

/admin/save student.php

file to minimize the risk of exploitation. Sanitize the

stud no

input to prevent SQL injection attacks.

Exploit

Fix

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

CVE-2025-14640

Code-Projects Student Management System