{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-14226","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-12-07T15:47:09.512Z","datePublished":"2025-12-08T09:32:06.865Z","dateUpdated":"2025-12-08T17:21:00.526Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-12-08T09:32:06.865Z"},"title":"itsourcecode Student Management System edit_user.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"SQL Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]}],"affected":[{"vendor":"itsourcecode","product":"Student Management System","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. The manipulation of the argument fname leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. Other parameters might be affected as well."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":7.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-12-07T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-12-07T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-12-07T16:52:13.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"ekkojob (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.334668","name":"VDB-334668 | itsourcecode Student Management System edit_user.php sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.334668","name":"VDB-334668 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.701801","name":"Submit #701801 | itsourcecode Student Management System V1.0 SQL Injection","tags":["third-party-advisory"]},{"url":"https://github.com/ltranquility/CVE/issues/17","tags":["exploit","issue-tracking"]},{"url":"https://itsourcecode.com/","tags":["product"]}],"tags":["x_freeware"]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-08T17:20:45.448010Z","id":"CVE-2025-14226","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-08T17:21:00.526Z"}}]}}