CVE-2025-9665

6.3 MEDIUM

📋 TL;DR

CVE-2025-9665 is an SQL injection vulnerability in Simple Grading System 1.0 that allows attackers to manipulate database queries through the /edit_student.php admin panel. This affects administrators and potentially exposes student data. Remote attackers can execute arbitrary SQL commands to view, modify, or delete database contents.

💻 Affected Systems

Products:
  • Simple Grading System
Versions: 1.0
Operating Systems: All platforms running PHP/MySQL
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin panel access, but SQL injection can be exploited by anyone with access to the vulnerable endpoint.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data theft, modification, deletion, or potential server takeover via SQL injection escalation.

🟠 Likely Case: Unauthorized access to student records, grades, and personal information stored in the database.

🟢 If Mitigated: Limited impact with proper input validation and database permissions restricting damage to non-critical data.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects web-accessible admin panels.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they gain access to the admin interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available, making this easy for attackers with basic SQL injection knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://code-projects.org/

Restart Required: No

Instructions:

1. Check vendor website for security updates.
2. If no patch exists, implement workarounds.
3. Consider replacing with alternative software if unmaintained.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Add parameterized queries or prepared statements to /edit_student.php to prevent SQL injection.

Modify PHP code to use PDO or mysqli prepared statements for ID parameter

Web Application Firewall

all

Deploy WAF rules to block SQL injection patterns targeting /edit_student.php

Configure WAF to detect and block SQL injection attempts

🧯 If You Can't Patch

  • Restrict access to /edit_student.php using IP whitelisting or authentication requirements
  • Implement database user with minimal privileges (read-only where possible)

🔍 How to Verify

Check if Vulnerable:

Test /edit_student.php with SQL injection payloads like ' OR '1'='1 in ID parameter

Check Version:

Check software version in admin panel or configuration files

Verify Fix Applied:

Attempt SQL injection tests and verify they are blocked or sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in web server logs
  • Multiple failed login attempts to admin panel
  • Suspicious parameter values in /edit_student.php requests

Network Indicators:

  • SQL keywords in HTTP POST/GET parameters
  • Unusual database query patterns from web server

SIEM Query:

source="web_logs" AND (uri="/edit_student.php" AND (param="ID" AND value MATCH "'|--|UNION|SELECT"))
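
The SIEM query above, worked as an added example (not part of the original advisory or the vendor's code): it applies the same indicators to access-log lines after URL-decoding, so encoded values such as %27 are still caught. The combined log format, the constructed sample lines and the helper name suspicious_requests are assumptions; ID values sent in POST bodies do not appear in access logs and need WAF or application logging instead.

```python
import re
from urllib.parse import urlsplit, parse_qsl

TARGET_PATH = "/edit_student.php"
# Same indicators as the SIEM query above, matched case-insensitively.
INDICATORS = re.compile(r"'|--|\bUNION\b|\bSELECT\b", re.IGNORECASE)
# Assumed combined access-log layout: client IP first, quoted request line, status.
REQUEST = re.compile(r'^(\S+) .*?"(GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample log lines for illustration; not taken from a real system.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Sep/2025:10:00:01 +0000] "GET /edit_student.php?ID=12 HTTP/1.1" 200 1532
203.0.113.9 - - [01/Sep/2025:10:00:07 +0000] "GET /edit_student.php?ID=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9876
203.0.113.9 - - [01/Sep/2025:10:00:09 +0000] "GET /edit_student.php?id=1+union+select+1-- HTTP/1.1" 500 312
198.51.100.7 - - [01/Sep/2025:10:01:00 +0000] "GET /index.php?q=select+a+course HTTP/1.1" 200 800
198.51.100.7 - - [01/Sep/2025:10:02:00 +0000] "POST /edit_student.php HTTP/1.1" 302 0
"""

def suspicious_requests(log_text):
    """Return (client_ip, status, decoded_value) for each flagged ID value."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # line is not in the assumed format
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path != TARGET_PATH:
            continue  # keywords on other pages are out of scope for this rule
        # parse_qsl percent-decodes, so %27 and + are checked in decoded form.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() == "id" and INDICATORS.search(value):
                hits.append((ip, int(status), value))
    return hits

if __name__ == "__main__":
    for ip, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} ID={value!r}")
```

A 500 status on a flagged request lines up with the "Unusual SQL errors" log indicator and is worth prioritising during triage.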
