CVE-2025-4940
SQL Injection vulnerability in Daily College Class Work Report Book 1.0
Overview
This vulnerability has been discovered in Daily College Class Work Report Book 1.0. The issue lies in an unspecified code path of the file /admin_info.php. The flaw is classified as a SQL Injection, and the attack can be initiated remotely.
Technical Details
The vulnerable component is the 'batch' argument of the /admin_info.php file; manipulating this argument leads to SQL Injection. No privileges or user interaction are required, which makes the issue easy to exploit. The impact on confidentiality, integrity, and availability is rated low.
CVSS Metrics
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: LOW
- Integrity Impact: LOW
- Availability Impact: LOW
Impact
Remote attackers can manipulate the input, which can lead to unauthorized disclosure or modification of data, or even complete control over the database.
Recommendations
Keep the application updated to the latest version. Apply strong input validation and sanitization to all user-supplied inputs, including the 'batch' argument, to prevent SQL Injection attacks.
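The following is an added example of how the 'batch' argument of /admin_info.php could be handled safely; it is not the project's own code. The database name, credentials, table name, column names and the assumed format of a batch label are all illustrative assumptions.

```php
<?php
// Added example (not the project's code): hardened handling of the 'batch'
// parameter for /admin_info.php. Database, table and column names are assumptions.

function connect_db(): PDO
{
    $pdo = new PDO('mysql:host=127.0.0.1;dbname=classwork_db;charset=utf8mb4', 'app_user', 'app_password');
    // Surface errors as exceptions and use real server-side prepared statements.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $pdo;
}

// Validate first: reject anything that is not a plausible batch label before
// it reaches the database layer. The allowed character set and length are assumptions.
function validate_batch(string $raw): ?string
{
    $batch = trim($raw);
    if ($batch === '' || strlen($batch) > 20) {
        return null;
    }
    return preg_match('/^[A-Za-z0-9 _-]+$/', $batch) === 1 ? $batch : null;
}

// Vulnerable pattern, shown for contrast only: untrusted input concatenated into the SQL text.
// $sql = "SELECT * FROM class_report WHERE batch = '" . $_GET['batch'] . "'";

// Hardened: the value travels as a bound parameter and is never part of the SQL text,
// so the database treats it as data regardless of what characters it contains.
function fetch_reports_for_batch(PDO $pdo, string $batch): array
{
    $stmt = $pdo->prepare(
        'SELECT id, subject, work_done, report_date FROM class_report WHERE batch = :batch'
    );
    $stmt->bindValue(':batch', $batch, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$batch = validate_batch($_GET['batch'] ?? '');
if ($batch === null) {
    http_response_code(400);
    exit('Invalid batch parameter');
}
$reports = fetch_reports_for_batch(connect_db(), $batch);
```

Validation and parameterization are complementary: the allowlist check rejects malformed input early and gives a clean signal to log, while the prepared statement is what actually removes the injection path.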
Threat Metrics
- CVSS Score: 7.3
- Severity: MEDIUM
- Attack Vector: NETWORK
- Attack Complexity: LOW