CVE-2025-66947

2025-12-26 0:0CVE-2025-66947mitre

PUBLISHED5.2

SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP() to infer database contents. Successful exploitation may lead to full database compromise, especially within an administrative module.

Affected products

n/a - AFFECTED

References

github.com

https://github.com/kabir0104k/CVE-2025-66947/blob/main/README.md

GitHub Security Advisories

GHSA-fmqj-pm68-cqq4

SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class...

https://github.com/advisories/GHSA-fmqj-pm68-cqq4

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2025-66947

github.com

https://github.com/kabir0104k/CVE-2025-66947/blob/main/README.md

github.com

https://github.com/advisories/GHSA-fmqj-pm68-cqq4

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-66947

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-66947",
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "dateUpdated": "2025-12-26T16:31:09.014Z",
    "dateReserved": "2025-12-08T00:00:00.000Z",
    "datePublished": "2025-12-26T00:00:00.000Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre",
        "dateUpdated": "2025-12-26T14:53:07.508Z"
      },
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP() to infer database contents. Successful exploitation may lead to full database compromise, especially within an administrative module."
        }
      ],
      "affected": [
        {
          "vendor": "n/a",
          "product": "n/a",
          "versions": [
            {
              "version": "n/a",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "n/a",
              "type": "text"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://github.com/kabir0104k/CVE-2025-66947/blob/main/README.md"
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2025-12-26T16:31:09.014Z"
        },
        "title": "CISA ADP Vulnrichment",
        "problemTypes": [
          {
            "descriptions": [
              {
                "lang": "en",
                "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                "cweId": "CWE-89",
                "type": "CWE"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "version": "3.1",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "attackVector": "NETWORK",
              "attackComplexity": "LOW",
              "privilegesRequired": "NONE",
              "userInteraction": "NONE",
              "scope": "UNCHANGED",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM"
            }
          },
          {}
        ]
      }
    ]
  }
}