216.73.216.77

CVE-2025-70152

· Published 18/02/2026 18:24 · Modified 19/02/2026 15:53

Labels: CVE-2025-70152 2026-02-18CVE-2025-70152CWE-89[email protected]

Essential information

Published
18/02/2026 18:24
Modified
19/02/2026 15:53
Author
Creator
CVSS
9.8 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters (firstname, lastname, username, password, user_id) into SQL queries without validation or parameterization.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
code-projects / community project scholars tracking system cpe:2.3:a:code-projects:community_project_scholars_tracking_system:1.0:*:*:*:*:*:*:*

References