CVE-2025-14537

🗓️ 11 Dec 2025 20:32:06Reported by VulDBType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 2 Views🌐 WEB

CVE-2025-14537 affects code-projects Timetable Management; preview7.php has SQL injection via course_year_section/semester.

Reporter	Title	Published	Views	Family All 8
CNNVD	Code-Projects Class and Exam Timetable Management SQL注入漏洞	11 Dec 202500:00	–	cnnvd
CNVD	Class and Exam Timetable Management /preview7.php File SQL Injection Vulnerability	18 Dec 202500:00	–	cnvd
Cvelist	CVE-2025-14537 code-projects Class and Exam Timetable Management preview7.php sql injection	11 Dec 202520:32	–	cvelist
EUVD	EUVD-2025-202875	11 Dec 202520:32	–	euvd
NVD	CVE-2025-14537	11 Dec 202521:15	–	nvd
Positive Technologies	PT-2025-50727	11 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-14537	12 Dec 202521:16	–	redhatcve
Vulnrichment	CVE-2025-14537 code-projects Class and Exam Timetable Management preview7.php sql injection	11 Dec 202520:32	–	vulnrichment

NVD

Vulners

Node

fabian class_and_exam_timetable_management_systemMatch1.0

[
  {
    "vendor": "code-projects",
    "product": "Class and Exam Timetable Management",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
code-projects	www.code-projects.org/
github	www.github.com/woshilaiyi/cve/issues/14
vuldb	www.vuldb.com/
github	www.github.com/woshilaiyi/cve/issues/13
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
course_year_section	query param	/preview7.php	SQL injection via manipulated course_year_section/semester parameter in /preview7.php	CWE-74, CWE-89
semester	query param	/preview7.php	SQL injection via manipulated course_year_section/semester parameter in /preview7.php	CWE-74, CWE-89

29 Apr 2026 01:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.17.3 - 9.8

CVSS 46.9

CVSS 27.5

CVSS 37.3

EPSS0.00034

SSVC