CVE-2025-65135: In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin

Description

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter.

Affected Products

Vendor	Product	Versions
manikandan580	school-management-system	n/a

References

https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2025-65135

Related News (1 articles)

Tier C

VulDB22h ago

CVE-2025-65135 | manikandan580 School-Management-System up to 1.0 POST Parameter between-date-reprtsdetails.php fromdate sql injection

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-89

PublishedApr 14, 2026

Last enriched13h agov2

Trending Score51

Source articles1

Independent1

Info Completeness7/14

Missing: epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 13h ago

v2Tier C22h ago

Updated vendor to manikandan580, product to School-management-system, and marked the vulnerability as actively exploited.

affectedVersionsactivelyExploited

via VulDB

v123h ago

Initial creation

CVE-2025-65135: In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (3)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History