SQL Injection Vulnerability in krishanmuraiji SMS by Kabir0104k
CVE-2025-66947

6.5 MEDIUM

Key Information:

Vendor

Kabir0104k

CVE Published:
26 December 2025

What is CVE-2025-66947?

A SQL injection vulnerability exists in the krishanmuraiji SMS application version 1.0, in the file /studentms/admin/edit-class-detail.php. The flaw is reachable through the editid GET parameter, which allows attackers to inject malicious SQL commands. By leveraging SQL SLEEP(), an attacker can infer sensitive information from the database, which can lead to data breaches and full compromise of the database, particularly within administrative functions.
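A log-review check for the issue described above, added here as an example and not code from the application or the advisory: it flags requests to the affected script whose editid is not a plain integer. The common/combined access-log format, the assumption that a legitimate editid is a numeric record id, and the sample log lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter name come from the advisory text.
AFFECTED_PATH = "/studentms/admin/edit-class-detail.php"
PARAM = "editid"

# Assumption: logs use the common/combined format ("METHOD target HTTP/x").
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_editid(line):
    """Return the decoded editid value if the request hits the affected
    script with a non-integer editid, otherwise None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path.lower() != AFFECTED_PATH:
        return None
    # parse_qs percent-decodes values; keep_blank_values keeps "editid=".
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    for v in values:
        # Assumption: a legitimate editid is a short numeric record id.
        if not re.fullmatch(r"\d{1,10}", v):
            return v
    return None


def scan(lines):
    """Yield (line_number, decoded_value) for each flagged log line."""
    for n, line in enumerate(lines, 1):
        v = suspicious_editid(line)
        if v is not None:
            yield n, v


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Dec/2025:10:00:01 +0000] "GET /studentms/admin/edit-class-detail.php?editid=4 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [26/Dec/2025:10:00:09 +0000] "GET /studentms/admin/edit-class-detail.php?editid=4%20AND%20SLEEP(5) HTTP/1.1" 200 5120',
    '198.51.100.9 - - [26/Dec/2025:10:00:20 +0000] "GET /other.php?editid=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, v in scan(SAMPLE_LOG):
        print(f"line {n}: suspicious {PARAM}={v!r}")
```

Because the described inference relies on SLEEP(), correlating flagged requests with response time strengthens the signal when the log format records it.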

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
