CVE-2025-11551

A vulnerability was determined in code-projects Student Result Manager 1.0. This affects an unknown function of the file src/students/Database.java. This manipulation of the argument roll/name/gpa causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Configurations

Configuration 1 (hide)

cpe:2.3:a:carmelo:student_result_manager:1.0:*:*:*:*:*:*:*

History

20 Oct 2025, 20:39

Type Values Removed Values Added
CPE cpe:2.3:a:carmelo:student_result_manager:1.0:*:*:*:*:*:*:*
References () https://code-projects.org/ - () https://code-projects.org/ - Product
References () https://github.com/lakshayyverma/CVE-Discovery/blob/main/Student%20Result%20Manager.md - () https://github.com/lakshayyverma/CVE-Discovery/blob/main/Student%20Result%20Manager.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.327710 - () https://vuldb.com/?ctiid.327710 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.327710 - () https://vuldb.com/?id.327710 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.670256 - () https://vuldb.com/?submit.670256 - Third Party Advisory, VDB Entry
First Time Carmelo
Carmelo student Result Manager

09 Oct 2025, 20:15

Type Values Removed Values Added
References () https://github.com/lakshayyverma/CVE-Discovery/blob/main/Student%20Result%20Manager.md - () https://github.com/lakshayyverma/CVE-Discovery/blob/main/Student%20Result%20Manager.md -

09 Oct 2025, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-10-09 18:15

Updated : 2025-10-20 20:39


NVD link : CVE-2025-11551

Mitre link : CVE-2025-11551

CVE.ORG link : CVE-2025-11551


JSON object : View

Products Affected

carmelo

  • student_result_manager
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')