MEDIUM🇬🇧 English

CVE-2025-7191

CVSS 5.5v4.0pub. 2025-07-08upd. 2026-04-29

A vulnerability has been found in code-projects Student Enrollment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Code Projects Student Enrollment

    APP
    Code-Projects
    1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2023-41505CRITICAL9.8PL ✓ten sam produkt

Arbitrary file upload umożliwiający RCE w Student Enrollment In PHP

CVE-2023-41503CRITICAL9.8PL ✓ten sam produkt

SQL injection w funkcji logowania — Code-Projects Student Enrollment PHP v1.0

CVE-2023-41506CRITICAL9.8PL ✓ten sam produkt

Arbitrary File Upload umożliwiający RCE w Student Enrollment In PHP

CVE-2023-41504HIGH8.8ten sam produkt

SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the St...

CVE-2025-60306CRITICAL9.9PL ✓ten sam vendor

Auth Bypass w Simple Car Rental System — przejęcie sesji wysokich uprawnień