PT-2025-53593 · Unknown · Krishanmuraiji Sms

Kabir0104K · Published 2025-12-26 · Updated 2025-12-31 · CVE-2025-66947

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

krishanmuraiji SMS version 1.0

Description

A SQL injection issue exists in krishanmuraiji SMS version 1.0. The issue is located within the '/studentms/admin/edit-class-detail.php' file and is triggered through the editid GET parameter. An attacker can use SQL SLEEP() to cause controlled delays and extract database information. Exploitation could result in complete database compromise, particularly within the administrative module.

Recommendations

Apply a fix for krishanmuraiji SMS version 1.0 to address the SQL injection issue in the '/studentms/admin/edit-class-detail.php' file. As a temporary workaround, restrict access to the /studentms/admin/edit-class-detail.php file. Sanitize the editid GET parameter to prevent SQL injection attacks.
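
A detection check to run while the workaround is in place, as an added example that is not part of the original advisory: it scans web-server access logs for requests to the affected file whose editid value is not a plain integer. The combined log format and the premise that legitimate editid values are numeric are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter named in the advisory.
TARGET_PATH = "/studentms/admin/edit-class-detail.php"
PARAM = "editid"

# Assumption: Apache/Nginx "combined" access-log format.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+" \d{3}')

# Assumption: a legitimate editid is a short decimal record id.
VALID_ID_RE = re.compile(r"[0-9]{1,10}")


def suspicious_requests(lines):
    """Return (client_ip, decoded_editid) for non-integer editid values."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we can parse
        url = urlsplit(m.group("uri"))
        if url.path != TARGET_PATH:
            continue
        # parse_qs percent-decodes values, so encoded payloads are compared
        # in decoded form; keep_blank_values keeps an empty "editid=".
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        for value in values:
            if not VALID_ID_RE.fullmatch(value):
                hits.append((m.group("ip"), value))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Dec/2025:10:01:02 +0000] "GET /studentms/admin/edit-class-detail.php?editid=4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Dec/2025:10:05:40 +0000] "GET /studentms/admin/edit-class-detail.php?editid=4%20AND%20SLEEP(5) HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '203.0.113.5 - - [27/Dec/2025:10:06:11 +0000] "GET /index.php?editid=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [27/Dec/2025:10:07:30 +0000] "GET /studentms/admin/edit-class-detail.php?editid= HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\t{PARAM}={value!r}")
```

The same integer-only rule is what server-side validation of editid would enforce before the value reaches a query.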

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2025-66947

Affected Products

Krishanmuraiji Sms