CVE-2025-66947

MEDIUM

Krishanmurariji Student Management System - SQL Injection

Description

SQL injection vulnerability in krishanmurariji SMS v.1.0, in /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP() to infer database contents. Successful exploitation may lead to full database compromise, especially within an administrative module.

Exploits (1)

nomisec WRITEUP 1 star
by kabir0104k · poc
https://github.com/kabir0104k/CVE-2025-66947

Scores

CVSS v3 6.5
EPSS 0.0001
EPSS Percentile 1.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE
CWE-89
Status published
Products (1)
krishanmurariji/student_management_system 1.0
Published Dec 26, 2025
Tracked Since Feb 18, 2026