CVE-2025-65135 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: April 14, 2026
manikandan580 School-management-system - SQL Injection
Published: April 14, 2026 | Updated: April 14, 2026 | Remote Exploitable
Overview
manikandan580 School-management-system 1.0 contains a time-based blind SQL injection caused by the unsanitized fromdate POST parameter in /studentms/admin/between-date-reprtsdetails.php. Attackers can extract data by observing time delays in the responses. Exploitation requires a crafted POST request.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can extract sensitive database information remotely via time delays, potentially compromising data confidentiality.
Mitigation
Update to the latest version or apply patches that sanitize input in the fromdate parameter.
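One way such a patch can handle fromdate, shown as an added example that is not the project's own code: strict date validation followed by a bound parameter. It assumes PHP 8 with PDO; the table, its columns and the 'todate' field are hypothetical, since the page does not show the schema or the form.

```php
<?php
declare(strict_types=1);

// Accept only a real calendar date in YYYY-MM-DD form; reject everything else.
function parse_report_date(mixed $raw): ?string
{
    if (!is_string($raw) || !preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $raw)) {
        return null;
    }
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // The round trip rejects overflow dates such as 2025-02-31.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

// Hypothetical table and columns: the page does not show the real schema.
function fetch_between_dates(PDO $db, string $from, string $to): array
{
    // Placeholders keep the request values out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT id, created_at FROM report_rows
          WHERE DATE(created_at) BETWEEN :from AND :to'
    );
    $stmt->execute([':from' => $from, ':to' => $to]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Validate first, query second; invalid input never reaches the database.
function handle_report_request(PDO $db, array $post): array
{
    $from = parse_report_date($post['fromdate'] ?? null);
    $to   = parse_report_date($post['todate'] ?? null); // 'todate' is assumed
    if ($from === null || $to === null || $from > $to) {
        http_response_code(400);
        return [];
    }
    return fetch_between_dates($db, $from, $to);
}

// Constructed sample inputs for the validator (run from the command line).
if (PHP_SAPI === 'cli') {
    foreach (['2025-04-14', '2025-02-31', "2025-04-14'", '14/04/2025', ['x']] as $raw) {
        $shown = is_string($raw) ? $raw : gettype($raw);
        echo str_pad($shown, 14), parse_report_date($raw) === null ? "rejected\n" : "accepted\n";
    }
}
```

Validation alone narrows the input; the bound parameter is what prevents the value from being interpreted as SQL. With PDO on MySQL, setting PDO::ATTR_EMULATE_PREPARES to false makes the driver use server-side prepared statements.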
Details
- CVE ID: CVE-2025-65135
- Severity: Critical
- CVSS Score: 9.8
- Type: sql_injection
- Status: new
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H