CVE-2025-65135EXPLOITED

n/a · n/a

CVE-2025-65135: In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin

Description

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

References

https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2025-65135

Related News (1 articles)

Tier C

VulDB6h ago

CVE-2025-65135 | manikandan580 School-Management-System up to 1.0 POST Parameter between-date-reprtsdetails.php fromdate sql injection

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

CISA KEV❌ No

Actively exploited✅ Yes

PublishedApr 14, 2026

Last enriched5h agov2

Trending Score56

Source articles1

Independent1

Info Completeness7/14

Missing: epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-38529EXP

CVE-2026-38529: A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allo

Trending: 50

HIGHCVE-2026-38530EXP

CVE-2026-38530: A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.

Trending: 50

MEDIUMCVE-2025-65136EXP

CVE-2025-65136: In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php v

Trending: 49

MEDIUMCVE-2025-65132EXP

CVE-2025-65132: alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/edit_room.php which a

Trending: 49

CRITICALCVE-2025-61260EXP

CVE-2025-61260: A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP

Trending: 48

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 14, 2026

Discovered by ZDM

Apr 14, 2026

Updated: affectedVersions, activelyExploited

Apr 14, 2026

Actively Exploited

Apr 14, 2026

Version History

Last enriched 5h ago

v2Tier C5h ago

Updated vendor to manikandan580, product to School-management-system, and marked the vulnerability as actively exploited.

affectedVersionsactivelyExploited

via VulDB

v16h ago

Initial creation