itsourcecode Student Management System form137.php sql injection

A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

Problem type

Affected products

itsourcecode

Student Management System

1.0 - AFFECTED

References

VDB-338334 | itsourcecode Student Management System form137.php sql injection

https://vuldb.com/?id.338334

vdb-entrytechnical-description

VDB-338334 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.338334

signaturepermissions-required

Submit #721484 | itsourcecode Student Management System V1.0 SQL Injection

https://vuldb.com/?submit.721484

third-party-advisory

github.com

https://github.com/BUPT424201/CVE/issues/2

exploitissue-tracking

itsourcecode.com

https://itsourcecode.com/

product

GitHub Security Advisories

GHSA-hxpf-jx7m-hmj8

A security vulnerability has been detected in itsourcecode Student Management System 1.0. The...

https://github.com/advisories/GHSA-hxpf-jx7m-hmj8

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2025-15077

github.com

https://github.com/BUPT424201/CVE/issues/2

itsourcecode.com

https://itsourcecode.com

vuldb.com

https://vuldb.com/?ctiid.338334

vuldb.com

https://vuldb.com/?id.338334

vuldb.com

https://vuldb.com/?submit.721484

github.com

https://github.com/advisories/GHSA-hxpf-jx7m-hmj8

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-15077

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-15077",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2025-12-25T04:02:08.003Z",
    "dateReserved": "2025-12-24T16:56:47.825Z",
    "datePublished": "2025-12-25T04:02:08.003Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2025-12-25T04:02:08.003Z"
      },
      "title": "itsourcecode Student Management System form137.php sql injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used."
        }
      ],
      "affected": [
        {
          "vendor": "itsourcecode",
          "product": "Student Management System",
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "SQL Injection",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Injection",
              "cweId": "CWE-74",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.338334",
          "name": "VDB-338334 | itsourcecode Student Management System form137.php sql injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.338334",
          "name": "VDB-338334 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.721484",
          "name": "Submit #721484 | itsourcecode Student Management System V1.0 SQL Injection",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/BUPT424201/CVE/issues/2",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://itsourcecode.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 7.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2025-12-24T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2025-12-24T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2025-12-24T18:01:56.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "BUPT_424201 (VulDB User)",
          "type": "reporter"
        }
      ],
      "tags": [
        "x_freeware"
      ]
    }
  }
}