CVE-2024-27685

HIGH

Student Record system <3.20 - SQL Injection

Title source: llm

Description

SQL Injection vulnerability in Student Record system Using PHP and MySQL v.3.20 allows a remote attacker to obtain sensitive information via a crafted payload to the $cshortname, $cfullname, and $cdate variables.

References (2)

Core 2

Core References

Third Party Advisory

https://medium.com/@cnetsec/a-sql-injection-vulnerability-exists-in-the-student-record-system-using-php-and-mysql-v3-20-df2c6fe7dc15

Product

https://phpgurukul.com/student-record-system-php/

Scores

CVSS v3 7.1

EPSS 0.0016

EPSS Percentile 36.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

phpgurukul/student_record_system 3.20

Published Jun 25, 2025

Tracked Since Feb 18, 2026