A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/salut_del.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://code-projects.org/ | Product |
| https://github.com/intercpt/XSS1/blob/main/SQL12.md | Exploit Third Party Advisory |
| https://github.com/intercpt/XSS1/blob/main/SQL12.md | Exploit Third Party Advisory |
| https://vuldb.com/?ctiid.299892 | Permissions Required VDB Entry |
| https://vuldb.com/?id.299892 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.516917 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
02 Apr 2025, 12:30
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://vuldb.com/?ctiid.299892 - Permissions Required, VDB Entry | |
| References | () https://code-projects.org/ - Product | |
| References | () https://github.com/intercpt/XSS1/blob/main/SQL12.md - Exploit, Third Party Advisory | |
| References | () https://vuldb.com/?submit.516917 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?id.299892 - Third Party Advisory, VDB Entry | |
| CPE | cpe:2.3:a:code-projects:online_class_and_exam_scheduling_system:1.0:*:*:*:*:*:*:* | |
| First Time |
Code-projects online Class And Exam Scheduling System
Code-projects |
18 Mar 2025, 15:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-03-17 21:15
Updated : 2025-04-02 12:30
NVD link : CVE-2025-2393
Mitre link : CVE-2025-2393
JSON object : View
Products Affected
code-projects
- online_class_and_exam_scheduling_system
CWE
No CWE.