MEDIUM Severity

CVE-2025-5008

SQL Injection flaw in projectworlds Online Time Table Generator 1.0

Overview

A SQL injection vulnerability exists within admin/add_teacher.php in Projectworlds Online Time Table Generator version 1.0. It can be exploited remotely, compromising data confidentiality and integrity.

Technical Details

An attacker can manipulate the "e" parameter of the /admin/add_teacher.php file, leading to SQL injection. Other parameters of the application may be affected as well.

CVSS Metrics

  • attack_vector: NETWORK
  • attack_complexity: LOW
  • privileges_required: NONE
  • user_interaction: NONE
  • scope: UNCHANGED
  • confidentiality_impact: LOW
  • integrity_impact: LOW
  • availability_impact: LOW

Impact

The vulnerability can lead to unauthorized access to sensitive information and may allow the stored data to be tampered with, since an attacker can potentially execute arbitrary SQL commands through the affected parameter.

Recommendations

To mitigate this threat, it is recommended to install a more secure version of the application if one is available and to perform regular security audits to check for any potential injection flaws. It is also advisable to restrict unnecessary access to the system.
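As an added illustration of the defect class described under Technical Details and of the fix the Recommendations call for, the following hypothetical PHP is not the project's actual add_teacher.php: only the parameter name "e" and the file name come from this advisory, while the table name, column names and the assumption that "e" carries a record id are made up for the example.

```php
<?php
// Added example. Hypothetical code, NOT the real admin/add_teacher.php.
// Assumptions: a table `teacher` with columns `id` and `name`, and that the
// "e" request parameter selects the teacher record to load.

// Vulnerable pattern: the raw request value is spliced into the SQL text,
// so whatever arrives in "e" becomes part of the statement the database parses.
// This is the shape of bug the advisory describes.
function load_teacher_vulnerable(PDO $pdo, array $request): ?array
{
    $e   = $request['e'] ?? '';
    $sql = "SELECT id, name FROM teacher WHERE id = '" . $e . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);   // input controls query structure
    return $row ?: null;
}

// Hardened pattern: the statement shape is fixed before any user data is seen,
// and the value of "e" is bound as data, so it cannot change the query's meaning.
// Input is additionally validated against the type the application expects.
function load_teacher_safe(PDO $pdo, array $request): ?array
{
    $e = filter_var($request['e'] ?? null, FILTER_VALIDATE_INT);
    if ($e === false) {
        http_response_code(400);        // reject anything that is not an integer id
        return null;
    }
    $stmt = $pdo->prepare("SELECT id, name FROM teacher WHERE id = ?");
    $stmt->execute([$e]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Connection setup (assumed DSN/credentials). Disabling emulated prepares makes
// the driver send the statement and the bound value to MySQL separately.
function connect(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]);
}
```

The same two-step rule, validate the input against its expected type and pass it to the database only as a bound parameter, applies to every other request parameter the script consumes, which is the practical answer to the "other parameters may be affected" remark above.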

Threat Metrics

  • cvss_score: 7.3
  • severity: MEDIUM
  • attack_vector: NETWORK
  • attack_complexity: LOW