Description
A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information.
Published: 2026-04-14
Score: n/a
EPSS: n/a
KEV: No
Impact: Remote SQL injection allowing data extraction
Action: Apply Patch
AI Analysis

Impact

A SQL injection vulnerability permits attackers to alter database queries through crafted HTTP requests. The flaw is exploitable by unauthenticated or authenticated users and can lead to extraction of sensitive database contents such as student records, login credentials, or administrative data. This represents a significant confidentiality breach and, if the attacker gains write privileges, could also modify or delete critical information. The weakness corresponds to the classic SQL injection flaw (CWE‑89).

Affected Systems

The affected product is the School Management System version 1.0 developed by manikandan580. No other vendors or versions are listed.

Risk and Exploitability

Because the vulnerability is accessible via an HTTP endpoint without requiring authentication, the attack vector is likely straightforward for remote actors. The EPSS score is not available, and the issue is not currently catalogued by CISA, but the lack of authentication and the potential for data leakage suggest a high risk level. Until remediation is applied, any system hosting the unpatched application could be used to exfiltrate confidential data.

Generated by OpenCVE AI on April 14, 2026 at 16:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑provided patch or upgrade to a fixed version of the School Management System when released.
  • Restrict access to the vulnerable HTTP endpoint by applying firewall rules or IP whitelisting.
  • Implement server‑side input validation and enforce parameterized database queries on the affected endpoint.
  • Monitor application logs for suspicious query patterns or repeated failed requests.

Generated by OpenCVE AI on April 14, 2026 at 16:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated SQL Injection in School Management System Allowing Data Extraction
Weaknesses CWE-89

Tue, 14 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
Description A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T15:05:54.320Z

Reserved: 2025-11-18T00:00:00.000Z

Link: CVE-2025-65133

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-14T16:16:34.180

Modified: 2026-04-14T16:16:34.180

Link: CVE-2025-65133

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:31:41Z

Weaknesses