Home

Description

SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP() to infer database contents. Successful exploitation may lead to full database compromise, especially within an administrative module.

PUBLISHED Reserved 2025-12-08 | Published 2025-12-26 | Updated 2025-12-26 | Assigner mitre

References

github.com/kabir0104k/CVE-2025-66947/blob/main/README.md

cve.org (CVE-2025-66947)

nvd.nist.gov (CVE-2025-66947)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.