Mojoomla School Management vulnerabilities
9 known vulnerabilities affecting mojoomla/school_management.
Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH6MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-47573P2CRITICALCVSS 9.3≥ n/a, ≤ 92.0.02025-06-17
CVE-2025-47573 [CRITICAL] CWE-89 CVE-2025-47573: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows Blind SQL Injection. This issue affects School Management: from n/a through 92.0.0.
nvd
CVE-2025-15656P3HIGHCVSS 8.8≥ n/a, ≤ 93.2.02026-06-03
CVE-2025-15656 [HIGH] CWE-266 CVE-2025-15656: Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalati
Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation.
This issue affects School Management: from n/a through 93.2.0.
nvd
CVE-2025-47575P3HIGHCVSS 8.5≥ n/a, ≤ 92.0.02025-05-23
CVE-2025-47575 [HIGH] CWE-89 CVE-2025-47575: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 92.0.0.
nvd
CVE-2025-47572P3HIGHCVSS 7.5≥ n/a, ≤ 93.0.02025-06-17
CVE-2025-47572 [HIGH] CWE-98 CVE-2025-47572: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla School Management allows PHP Local File Inclusion. This issue affects School Management: from n/a through 93.0.0.
nvd
CVE-2025-15655P3HIGHCVSS 7.6≥ n/a, ≤ 93.2.02026-06-03
CVE-2025-15655 [HIGH] CWE-89 CVE-2025-15655: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injection.
This issue affects School Management: from n/a through 93.2.0.
nvd
CVE-2025-48108P3MEDIUMCVSS 6.5≥ n/a, ≤ 93.2.02025-08-26
CVE-2025-48108 [MEDIUM] CWE-862 CVE-2025-48108: Missing Authorization vulnerability in Mojoomla School Management allows Exploiting Incorrectly Conf
Missing Authorization vulnerability in Mojoomla School Management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects School Management: from n/a through 93.2.0.
nvd
CVE-2025-47613P4HIGHCVSS 7.1≥ n/a, ≤ 92.0.02025-05-23
CVE-2025-47613 [HIGH] CWE-79 CVE-2025-47613: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0.
nvd
CVE-2025-47574P4HIGHCVSS 7.1≥ n/a, ≤ 92.0.02025-06-27
CVE-2025-47574 [HIGH] CWE-79 CVE-2025-47574: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0.
nvd
CVE-2025-15657MEDIUMCVSS 5.3≥ n/a, ≤ 93.1.02026-06-17
CVE-2025-15657 [MEDIUM] CWE-639 WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability
WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
cvelistv5