CVE-2025-65135

CRITICAL NVD

CVSS Score 9.8

Severity CRITICAL

Published Apr 14, 2026

Vendor unknown

Description

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter.

References

https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2025-65135
https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65135/poc.md