Severity
8.8 HIGH
EPSS
0.3%
top 46.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Apr 29

Description

A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 1 package

Vulnerability Details

2
CVEList
CVE-2025-45956: A SQL injection vulnerability in manage_damage | 2025-04-29
GHSA
GHSA-3rr5-vgfq-8c8h: A SQL injection vulnerability in manage_damage | 2025-04-29

Vendor Advisories

1
Microsoft
Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vul | 2021-12-14