CVE-2025-70152

Critical CVSS: 9.8

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters (firstname, lastname, username, password, user_id) into SQL queries without validation or parameterization.

Vendor

Fabian

Product

Scholars Tracking System

CWE

CWE-89

Yayın Tarihi

2026-02-18 18:24:21

Güncelleme

2026-02-23 17:54:31

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Scholars Tracking System CRITICAL Fabian 2026

Referanslar

https://code-projects.org/scholars-tracking-system-in-php-with-source-code/ https://youngkevinn.github.io/posts/CVE-2025-70152-Scholars-SQLi-Missing-Auth/

Benzer Kayıtlar

Medium

CVE-2026-2912

A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /syst…

High

CVE-2025-70151

code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestr…

Medium

CVE-2026-2224

A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /syst…

Medium

CVE-2026-2223

A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some u…

Medium

CVE-2026-2222

A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown…

Medium

CVE-2026-2220

A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file…