PT-2025-52447 · Code Projects · Scholars Tracking System
Guanyingxin
·
Published
2025-12-19
·
Updated
2025-12-24
·
CVE-2025-14950
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
code-projects Scholars Tracking System version 1.0
Description
A weakness exists in code-projects Scholars Tracking System 1.0. The issue involves a SQL injection affecting an unknown function within the
/delete post.php file. Manipulation of the ID argument can trigger the SQL injection. Remote exploitation is possible, and the exploit has been publicly released.Recommendations
code-projects Scholars Tracking System version 1.0: As a temporary workaround, consider restricting access to the
/delete post.php file until a patch is available.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Scholars Tracking System