SQL Injection Vulnerability in Code-Projects Community Project Scholars Tracking System
CVE-2025-70152

9.8CRITICAL

Key Information:

Vendor: Code-Projects
Status: Scholars Tracking System
Vendor: CVE Published:; 18 February 2026

🔔 Create Code-Projects Vulnerability Alert

What is CVE-2025-70152?

The Code-Projects Community Project Scholars Tracking System version 1.0 contains a significant SQL Injection vulnerability in the admin user management endpoints, specifically /admin/save_user.php and /admin/update_user.php. The flaw arises from the lack of authentication checks, allowing attackers to manipulate SQL queries through unsanitized user input parameters such as firstname, lastname, username, password, and user_id. This vulnerability enables unauthorized access and potential data breaches, highlighting the need for secure coding practices.

References

https://code-projects.org/scholars-tracking-system-in-php...

https://youngkevinn.github.io/posts/CVE-2025-70152-Schola...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2026
Vulnerability Reserved
Jan 9, 2026

CVE-2025-70152 Data

JSON