Vulnerability Details CVE-2025-11056
A flaw has been found in ProjectsAndPrograms School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file owner_panel/fetch-data/select-students.php. This manipulation of the argument select causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.6%
CVSS Severity
CVSS v3 Score 6.3
CVSS v2 Score 6.5
References
- https://gold-textbook-8ff.notion.site/school-management-system-student_panel-Owner-end-select-students-php-delay-SQL-injection-27485e97f35380a1b482c8e079cd6503
- https://vuldb.com/?ctiid.326096
- https://vuldb.com/?id.326096
- https://vuldb.com/?submit.659463
- https://gold-textbook-8ff.notion.site/school-management-system-student_panel-Owner-end-select-students-php-delay-SQL-injection-27485e97f35380a1b482c8e079cd6503
Products affected by CVE-2025-11056
-
cpe:2.3:a:oranbyte:school_management_system:1.0