CVE-2025-66947

CVSS Score & Metrics

Base Score

6.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N                                    

Vulnerability Description

SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP() to infer database contents. Successful exploitation may lead to full database compromise, especially within an administrative module.

Vulnerability Details

Published Date

December 26, 2025

Last Modified

December 31, 2025

CWE ID

CWE-89

Source

NVD

Vendor

krishanmurariji

Product

student_management_system

External References

https://github.com/kabir0104k/CVE-2025-66947/blob/main/README.md

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment