CVE-2025-52410

Critical CVSS: 9.8

Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php endpoint. The `myds` GET parameter is not adequately sanitized before being used in SQL queries.

Vendor

Vishalmathur

Product

Institute-of-current-students

CWE

CWE-89

Yayın Tarihi

2025-11-20 17:15:50

Güncelleme

2025-12-12 15:29:56

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Institute-of-current-students CRITICAL Vishalmathur 2025

Referanslar

https://github.com/mathurvishal/Institute-of-Current-Students---PHP-Project/issues/2

Benzer Kayıtlar

Medium

CVE-2026-2058

A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This im…

Critical

CVE-2025-55444

A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online Artwork and Fine Arts…

Medium

CVE-2025-50866

CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of t…

Medium

CVE-2025-50867

A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where th…

Medium

CVE-2025-44608

CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter.

Medium

CVE-2025-51411

A reflected cross-site scripting (XSS) vulnerability exists in Institute-of-Current-Students v1.0 via the email paramete…