PT-2025-53685 · Itsourcecode · Student Management System

Yushu · Published 2025-12-29 · Updated 2026-01-02 · CVE-2025-15168

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: itsourcecode Student Management System version 1.0

Description: A SQL injection issue exists in itsourcecode Student Management System 1.0. Manipulation of the ID argument in the /statistical.php file can lead to SQL injection. The attack can be executed remotely. The exploit is publicly available. The vulnerable file is /statistical.php.

Recommendations: Apply any available updates to address the issue in the /statistical.php file. As a temporary workaround, restrict access to the /statistical.php file. Sanitize the ID parameter before using it in SQL queries.

Exploit

Fix

SQL injection

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2025-15168

Affected Products

Student Management System