{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-65133", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-14T15:05:54.320Z", "dateReserved": "2025-11-18T00:00:00.000Z", "datePublished": "2026-04-14T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-14T15:05:54.320Z"}, "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65133/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information."}], "id": "CVE-2025-65133", "lastModified": "2026-04-14T16:16:34.180", "metrics": {}, "published": "2026-04-14T16:16:34.180", "references": [{"source": "cve@mitre.org", "url": "https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65133/README.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"analysis": {"en": {"generated_at": "2026-04-14T16:28:32.098313+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011provided patch or upgrade to a fixed version of the School Management System when released.", "Restrict access to the vulnerable HTTP endpoint by applying firewall rules or IP whitelisting.", "Implement server\u2011side input validation and enforce parameterized database queries on the affected endpoint.", "Monitor application logs for suspicious query patterns or repeated failed requests."], "summary": {"action": "Apply Patch", "impact": "Remote SQL injection allowing data extraction"}, "threat_synthesis": {"affected_systems": "The affected product is the School Management System version 1.0 developed by manikandan580. No other vendors or versions are listed.", "description_and_impact": "A SQL injection vulnerability permits attackers to alter database queries through crafted HTTP requests. The flaw is exploitable by unauthenticated or authenticated users and can lead to extraction of sensitive database contents such as student records, login credentials, or administrative data. This represents a significant confidentiality breach and, if the attacker gains write privileges, could also modify or delete critical information. The weakness corresponds to the classic SQL injection flaw (CWE\u201189).", "risk_and_exploitability": "Because the vulnerability is accessible via an HTTP endpoint without requiring authentication, the attack vector is likely straightforward for remote actors. The EPSS score is not available, and the issue is not currently catalogued by CISA, but the lack of authentication and the potential for data leakage suggest a high risk level. Until remediation is applied, any system hosting the unpatched application could be used to exfiltrate confidential data."}}}}, "created": "2026-04-14T16:31:41.659347+00:00", "title": "Unauthenticated SQL Injection in School Management System Allowing Data Extraction", "updated": "2026-04-14T16:31:41.659376+00:00", "vendors": [], "weaknesses": ["CWE-89"]}