CVE-2025-9238
HIGHSwatadru Exam-Seating-Arrangement - SQL Injection in /student.php
Title source: llmDescription
A vulnerability was determined in Swatadru Exam-Seating-Arrangement up to 97335ccebf95468d92525f4255a2241d2b0b002f. Affected is an unknown function of the file /student.php of the component Student Login. Executing manipulation of the argument email can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
References (5)
Core 5
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.320771
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.320771
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.631142
Various Sources related
https://gist.github.com/0xSebin/81ce7a296b4220db5ebfdb22fa78c3b3
Various Sources exploit
https://gist.github.com/0xSebin/81ce7a296b4220db5ebfdb22fa78c3b3#steps-to-reproduce
Scores
CVSS v3
7.3
EPSS
0.0005
EPSS Percentile
16.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-74
CWE-89
Status
published
Products (1)
Swatadru/Exam-Seating-Arrangement
97335ccebf95468d92525f4255a2241d2b0b002f
Published
Aug 20, 2025
Tracked Since
Feb 18, 2026