itsourcecode Student Management System list_report.php sql injection

A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the argument sy results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.

Problem type

Affected products

itsourcecode

Student Management System

1.0 - AFFECTED

References

VDB-338335 | itsourcecode Student Management System list_report.php sql injection

https://vuldb.com/?id.338335

vdb-entrytechnical-description

VDB-338335 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.338335

signaturepermissions-required

Submit #721485 | itsourcecode Student Management System V1.0 SQL Injection

https://vuldb.com/?submit.721485

third-party-advisory

github.com

https://github.com/BUPT424201/CVE/issues/3

exploitissue-tracking

itsourcecode.com

https://itsourcecode.com/

product

GitHub Security Advisories

GHSA-m536-ggcv-cwmj

A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element...

https://github.com/advisories/GHSA-m536-ggcv-cwmj

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2025-15078

github.com

https://github.com/BUPT424201/CVE/issues/3

itsourcecode.com

https://itsourcecode.com

vuldb.com

https://vuldb.com/?ctiid.338335

vuldb.com

https://vuldb.com/?id.338335

vuldb.com

https://vuldb.com/?submit.721485

github.com

https://github.com/advisories/GHSA-m536-ggcv-cwmj

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-15078

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-15078",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2025-12-25T05:02:06.963Z",
    "dateReserved": "2025-12-24T16:56:50.918Z",
    "datePublished": "2025-12-25T05:02:06.963Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2025-12-25T05:02:06.963Z"
      },
      "title": "itsourcecode Student Management System list_report.php sql injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the argument sy results in sql injection. The attack may be launched remotely. The exploit is now public and may be used."
        }
      ],
      "affected": [
        {
          "vendor": "itsourcecode",
          "product": "Student Management System",
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "SQL Injection",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Injection",
              "cweId": "CWE-74",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.338335",
          "name": "VDB-338335 | itsourcecode Student Management System list_report.php sql injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.338335",
          "name": "VDB-338335 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.721485",
          "name": "Submit #721485 | itsourcecode Student Management System V1.0 SQL Injection",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/BUPT424201/CVE/issues/3",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://itsourcecode.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 7.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2025-12-24T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2025-12-24T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2025-12-24T18:01:58.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "BUPT_424201 (VulDB User)",
          "type": "reporter"
        }
      ],
      "tags": [
        "x_freeware"
      ]
    }
  }
}