CVE-2025-14644

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0

Description A flaw exists in itsourcecode Student Management System 1.0 that allows for SQL injection. The issue is located in the /update subject.php file, specifically through manipulation of the ID argument within an unknown function. This allows for remote execution of attacks. The exploit has been publicly disclosed.

Recommendations Apply updates to address the issue in the /update subject.php file. As a temporary workaround, restrict access to the ID parameter in the /update subject.php file.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-14644

Affected Products

Student Management System

CVE-2025-14644

Weakness Enumeration

Related Identifiers

Affected Products

References · 13