Scholars Tracking System Exposes Admin User Data to Unauthorized Access
CVE-2025-70152
Summary
The Scholars Tracking System's admin user management endpoints accept requests without authentication checks and build SQL queries directly from user-supplied input. An attacker could use this weakness to access or change sensitive user information, including passwords. To protect your system, update the software to a fixed version or apply a patch to the vulnerable endpoints.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| fabian | scholars_tracking_system | 1.0 | – |
Original title
code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints l...
Original description
code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters (firstname, lastname, username, password, user_id) into SQL queries without validation or parameterization.
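A hardened shape for an endpoint like /admin/update_user.php, as an added example (not the project's code and not a vendor patch): it adds the missing session check and binds the POST parameters named above through a prepared statement. The `users` table, its column names, the `admin_id` session key and the `DB_*` environment variables are assumptions.

```php
<?php
// Added example, not the project's code. Hypothetical names: table `users`,
// its columns, session key `admin_id`, and DB settings read from the environment.
session_start();

// 1. Authentication check the description says is missing: reject before any DB work.
if (empty($_SESSION['admin_id'])) {
    http_response_code(403);
    exit('Forbidden');
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method Not Allowed');
}

// 2. Validate each POST parameter named in the description.
$userId = filter_input(INPUT_POST, 'user_id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($userId === false || $userId === null) {
    http_response_code(400);
    exit('Invalid user_id');
}
$fields = [];
foreach (['firstname', 'lastname', 'username', 'password'] as $name) {
    $value = $_POST[$name] ?? '';
    if (!is_string($value) || $value === '' || strlen($value) > 255) {
        http_response_code(400);
        exit('Invalid ' . $name);
    }
    $fields[$name] = $value;
}

// 3. Parameterized query: values are sent separately from the SQL text,
//    instead of being concatenated into the query string.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'));
$db->set_charset('utf8mb4');

$stmt = $db->prepare(
    'UPDATE users SET firstname = ?, lastname = ?, username = ?, password = ? WHERE user_id = ?'
);
$hash = password_hash($fields['password'], PASSWORD_DEFAULT); // store a hash, not the raw password
$stmt->bind_param('ssssi', $fields['firstname'], $fields['lastname'], $fields['username'], $hash, $userId);
$stmt->execute();

echo $stmt->affected_rows === 1 ? 'Updated' : 'No change';
```

Storing `password_hash()` output assumes the login code verifies with `password_verify()`; the same session check and binding pattern applies to an INSERT in an endpoint like /admin/save_user.php.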
NVD CVSS 3.1
9.8
Vulnerability type
CWE-89
SQL Injection
- https://code-projects.org/scholars-tracking-system-in-php-with-source-code/ (Product)
- https://youngkevinn.github.io/posts/CVE-2025-70152-Scholars-SQLi-Missing-Auth/ (Exploit, Third Party Advisory, Mitigation)
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026