School Management System
CVE-2025-11661
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
DescriptionCVE.org
A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery
Analysis
A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery
More in School Management System
View allSchool Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport paramet
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password paramete
SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent chang
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. Rated high severity (CVSS 8.8
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today