SQL Injection Vulnerability in Kidaze CourseSelectionSystem from Kidaze
CVE-2025-10597

6.9 MEDIUM

Key Information:

Vendor: Kidaze

CVE Published: 17 September 2025

What is CVE-2025-10597?

A security vulnerability has been identified in CourseSelectionSystem, developed by Kidaze, in the code located in the file /Profilers/PriProfile/COUNT2.php. An attacker can manipulate the 'cname' argument, potentially leading to SQL injection, and the attack can be carried out remotely. Because the product follows a rolling release model, users should stay up to date with the latest patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

CourseSelectionSystem 42cd892b40a18d50bd4ed1905fa89f939173a464

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

shang (VulDB User)