Manikandan580 School Management System SQL Injection Risk

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Manikandan580 School Management System SQL Injection Risk

CVE-2025-65135

Summary

A security weakness in the Manikandan580 School Management System allows attackers to access unauthorized data. This issue can be exploited through the 'fromdate' field in a specific page. Update or replace the affected software to prevent unauthorized data access.

Original title

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter.

Original description

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter.

nvd CVSS3.1 9.8

Vulnerability type

CWE-89 SQL Injection

https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2025-65135
https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65135/poc.md

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026