MEDIUM🇵🇱 Wersja polska

CVE-2025-7191

CVSS 5.5v4.0pub. 2025-07-08upd. 2026-04-29

A vulnerability has been found in code-projects Student Enrollment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Code Projects Student Enrollment

    APP
    Code-Projects
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2023-41505CRITICAL9.8PL ✓ten sam produkt

Arbitrary file upload umożliwiający RCE w Student Enrollment In PHP

CVE-2023-41503CRITICAL9.8PL ✓ten sam produkt

SQL injection w funkcji logowania — Code-Projects Student Enrollment PHP v1.0

CVE-2023-41506CRITICAL9.8PL ✓ten sam produkt

Arbitrary File Upload umożliwiający RCE w Student Enrollment In PHP

CVE-2023-41504HIGH8.8ten sam produkt

SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the St...

CVE-2025-60306CRITICAL9.9PL ✓ten sam vendor

Auth Bypass w Simple Car Rental System — przejęcie sesji wysokich uprawnień