CVE-2025-7191
📋 TL;DR
This critical SQL injection vulnerability in the Student Enrollment System 1.0 allows attackers to manipulate database queries through the Username parameter in /login.php. Attackers can potentially access, modify, or delete sensitive student data, and the vulnerability can be exploited remotely without authentication. All users of Student Enrollment System 1.0 are affected.
💻 Affected Systems
- code-projects Student Enrollment System
📦 What is this software?
Student Enrollment by Code Projects
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data destruction, authentication bypass, and potential server takeover via SQL injection to RCE chaining.
Likely Case
Unauthorized access to sensitive student records (personal information, grades, enrollment data), potential authentication bypass, and data exfiltration.
If Mitigated
Limited impact with proper input validation, parameterized queries, and WAF protection blocking malicious SQL payloads.
🎯 Exploit Status
Exploit details are publicly available on GitHub, making this easily weaponizable by attackers with basic SQL injection knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: unknown
Vendor Advisory: https://code-projects.org/
Restart Required: No
Instructions:
1. Check code-projects.org for security updates
2. If no patch is available, implement the workarounds below
3. Consider replacing with alternative software
🔧 Temporary Workarounds
WAF Rule Implementation
Deploy web application firewall rules to block SQL injection patterns in login requests
# Example ModSecurity rule:
SecRule ARGS:Username "@detectSQLi" "id:1001,phase:2,deny,status:403"
Input Validation Filter
Add server-side input validation to reject suspicious characters in the Username field
# PHP example (rejects ', ", ; and - in the Username field):
if (preg_match('/[\'";-]/', $_POST['Username'])) { die('Invalid input'); }
🧯 If You Can't Patch
- Isolate the Student Enrollment System behind a reverse proxy with strict input validation
- Implement network segmentation to limit database access from the vulnerable application
🔍 How to Verify
Check if Vulnerable:
Test login.php with SQL injection payloads like ' OR '1'='1 in Username field and observe database errors or unexpected behavior
Check Version:
Check application files or documentation for version information; typically in readme files or configuration
Verify Fix Applied:
Attempt SQL injection payloads and verify they are rejected or properly sanitized without database errors
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL syntax in Username field logs
- Multiple failed login attempts with SQL patterns
- Database error messages in application logs
Network Indicators:
- HTTP POST requests to /login.php containing SQL keywords (UNION, SELECT, INSERT, --, #)
- Unusual database connection patterns from web server
SIEM Query:
source="web_logs" AND uri="/login.php" AND (Username="*UNION*" OR Username="*SELECT*" OR Username="*--*" OR Username="*#*")
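The log and network indicators above, as an added Python example (not part of the original advisory or of the Student Enrollment System): it URL-decodes the Username field of POST requests to /login.php before matching, because an encoded quote or `#` slips past a raw substring search. The tab-separated record format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample records (not real traffic). Assumed format, one per line:
# client_ip<TAB>method<TAB>path<TAB>status<TAB>url-encoded form body
SAMPLE_LOG = "\n".join([
    "198.51.100.10\tPOST\t/login.php\t302\tUsername=alice",
    "203.0.113.7\tPOST\t/login.php\t200\tUsername=%27+OR+%271%27%3D%271",
    "203.0.113.7\tPOST\t/login.php\t500\tUsername=x%27+UNION+SELECT+1--+",
    "203.0.113.7\tPOST\t/login.php\t200\tUsername=admin%27%23",
    "198.51.100.22\tPOST\t/login.php\t200\tUsername=o%27brien",
    "198.51.100.22\tGET\t/index.php\t200\t",
])

# Indicators taken from the advisory, plus a quote followed by OR/AND.
SQLI_PATTERNS = {
    "keyword": re.compile(r"\b(?:union|select|insert)\b", re.I),
    "comment": re.compile(r"--|#"),
    "quote_logic": re.compile(r"['\"]\s*(?:or|and)\b", re.I),
}

def scan(log_text, path="/login.php", field="Username"):
    """Return one hit per suspicious value of `field` in POSTs to `path`."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 5:
            continue  # skip malformed records
        ip, method, uri, status, body = parts
        if method != "POST" or uri != path:
            continue
        # parse_qs percent-decodes the value and turns '+' into a space
        for value in parse_qs(body, keep_blank_values=True).get(field, []):
            reasons = sorted(n for n, rx in SQLI_PATTERNS.items() if rx.search(value))
            if reasons:
                hits.append({"ip": ip, "status": int(status),
                             "value": value, "reasons": reasons})
    return hits

def repeat_sources(hits, threshold=3):
    """Client IPs with at least `threshold` suspicious login attempts."""
    counts = Counter(h["ip"] for h in hits)
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with status 500 corresponds to the "database error" indicator, and a lone apostrophe in a legitimate name (`o'brien`) is deliberately not flagged.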