CVE-2025-4467 — Injection in Online Student Clearance System

CWE-74 — Injection CWE-89 — SQL Injection CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

6.9MEDIUMNVD

EPSS

0.2%

top 57.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Online Student Clearance System Senior-walter Online Student Clearance System

Timeline

PublishedMay 9

Description

A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-admin.php. The manipulation of the argument id/txtfullname/txtemail/cmddesignation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5sourcecodester/online_student_clearance_system1.0

▶NVDsenior-walter/online_student_clearance_system1.0

🔴Vulnerability Details

CVEList

SourceCodester Online Student Clearance System edit-admin.php sql injection↗2025-05-09

▶

GHSA

GHSA-p7xr-gpcg-fvw3: A vulnerability was found in SourceCodester Online Student Clearance System 1↗2025-05-09

▶

📋Vendor Advisories

Microsoft

Qemu-kvm: 'qemu-img info' leads to host file read/write↗2024-07-09

▶