CVE-2025-14940

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Scholars Tracking System version 1.0

Description A SQL injection issue exists in Scholars Tracking System 1.0. The issue is located in the /admin/delete user.php file, specifically within an unknown function. Manipulation of the ID argument can trigger the SQL injection. This allows for remote exploitation. The exploit has been publicly disclosed.

Recommendations Apply updates to address the SQL injection issue in the /admin/delete user.php file. As a temporary workaround, restrict access to the /admin/delete user.php file. Sanitize the ID parameter before using it in SQL queries.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-14940

Affected Products

Scholars Tracking System

CVE-2025-14940

Weakness Enumeration

Related Identifiers

Affected Products

References · 13