cvedb.io
CVE-2025-70152
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2026-02-18T18:24:21.530 · Last modified 2026-06-17T10:03:10.870

Summary

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters (firstname, lastname, username, password, user_id) into SQL queries without validation or parameterization.
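The hardened form of such an update handler, as an added example that is not the project's code: it applies the three controls the summary says are missing (an authentication check, input validation, and parameterized queries). The `users` table, its column names, the `admin_id` session key and the `update_user()` helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example. Table, column and session-key names are assumptions.
// Pattern the advisory describes (unsafe), shown only as a comment:
//   "UPDATE users SET username='" . $_POST['username'] . "' WHERE user_id=" . $_POST['user_id']

function update_user(PDO $db, array $session, array $post): int
{
    // 1. Authentication check, which the advisory says the endpoints lack.
    if (empty($session['admin_id'])) {
        throw new RuntimeException('admin login required');
    }
    // 2. Validation: user_id must be an integer, the other fields non-empty strings.
    $id = filter_var($post['user_id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('user_id must be an integer');
    }
    foreach (['firstname', 'lastname', 'username', 'password'] as $f) {
        if (!is_string($post[$f] ?? null) || $post[$f] === '') {
            throw new InvalidArgumentException("$f is required");
        }
    }
    // 3. Parameterization: values are bound, never spliced into the SQL text.
    $stmt = $db->prepare(
        'UPDATE users SET firstname = :fn, lastname = :ln, username = :un, password = :pw
         WHERE user_id = :id'
    );
    $stmt->execute([
        ':fn' => $post['firstname'], ':ln' => $post['lastname'], ':un' => $post['username'],
        ':pw' => password_hash($post['password'], PASSWORD_DEFAULT), // store a hash, not the raw value
        ':id' => $id,
    ]);
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT, username TEXT, password TEXT)');
$db->exec("INSERT INTO users VALUES (1,'Ann','Lee','ann','x'), (2,'Bo','Ng','bo','y')");
$post = ['user_id' => '1', 'firstname' => 'Ann', 'lastname' => "O'Brien", 'username' => 'ann', 'password' => 'new-secret'];

echo update_user($db, ['admin_id' => 7], $post), " row updated\n";   // the quote is stored as data
echo $db->query('SELECT lastname FROM users WHERE user_id = 1')->fetchColumn(), "\n";
echo $db->query('SELECT lastname FROM users WHERE user_id = 2')->fetchColumn(), "\n"; // other row untouched
try {
    update_user($db, [], $post);                                     // request without an admin session
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```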

Affected products

fabian — scholars_tracking_system

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.