PT-2025-51163 · Itsourcecode · Sourcecodester Student Management System
Xie Hao
·
Published
2025-12-14
·
Updated
2025-12-14
·
CVE-2025-14661
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
itsourcecode Student Managemen System version 1.0
Description
A flaw exists in itsourcecode Student Managemen System 1.0 related to the manipulation of the
sy argument within the /advisers.php file, leading to a SQL injection condition. This allows for remote exploitation. The exploit has been publicly disclosed. The vulnerable functionality resides within the /advisers.php file. The sy parameter is susceptible to injection attacks.Recommendations
Versions prior to 1.0 should be used. As a temporary workaround, restrict access to the
/advisers.php file. Avoid using the sy parameter in the /advisers.php endpoint until the issue is resolved.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sourcecodester Student Management System