SQL Injection Vulnerability in itsourcecode Placement Management System
CVE-2025-4724
Key Information:
- Vendor
Itsourcecode
- Vendor
- CVE Published:
- 15 May 2025
Badges
What is CVE-2025-4724?
A vulnerability has been discovered in the 'itsourcecode Placement Management System' version 1.0, specifically in the file /student_profile.php. This flaw allows an attacker to manipulate the argument 'ID', potentially leading to SQL injection attacks. Such an attack can be conducted remotely, exploiting unwary users. The public disclosure of this vulnerability heightens the risk of exploitation, emphasizing the importance of timely patching and robust security measures.
Affected Version(s)
Placement Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved