Platform
php
Component
pocs
Fixed in
1.0.1
CVE-2025-0212 is a critical vulnerability affecting the elliptic JavaScript library, specifically its ECDSA signature functionality. An attacker can extract the private key used for signing by providing a malformed input, such as a string or number, potentially originating from network data. This vulnerability impacts versions of elliptic prior to 6.6.1, allowing for potential unauthorized access and data compromise. A fix is available in version 6.6.1.
A critical vulnerability has been identified in Campcodes Student Grading System version 1.0 (CVE-2025-0212). This SQL injection flaw affects the /view_students.php file and allows a remote attacker to manipulate the 'id' argument to execute malicious SQL code. The potential impact is severe, including possible extraction of sensitive database data, modification of student records, or even system takeover. Public disclosure of the exploit exacerbates the situation, increasing the risk of attacks.
The vulnerability is exploited through manipulation of the 'id' parameter in the URL of the /view_students.php file. An attacker can inject malicious SQL code into this parameter, which is then executed against the database. The remote nature of the vulnerability means an attacker does not need physical access to the server to exploit it. Public disclosure of the exploit facilitates replication of the attack by malicious actors, increasing the urgency of applying the fix.
Exploit Status
EPSS
0.07% (22% percentile)
CISA SSVC
CVSS Vector
The recommended solution is to immediately update Campcodes Student Grading System to version 1.0.1. This version includes a fix for the SQL injection vulnerability. In the meantime, as a temporary measure, restrict access to the /view_students.php file and apply strict input validation, especially for the 'id' parameter. Implementing a Web Application Firewall (WAF) can also help mitigate the risk. Regular security audits are crucial for identifying and correcting future vulnerabilities.
Actualice el sistema a una versión parcheada o aplique las correcciones de seguridad proporcionadas por el proveedor. Valide y filtre las entradas del usuario, especialmente el parámetro 'id' en el archivo 'view_students.php', para prevenir ataques de inyección SQL. Implemente el principio de mínimo privilegio para las cuentas de base de datos.
Vulnerability analysis and critical alerts directly to your inbox.
SQL injection is an attack technique that allows an attacker to insert malicious SQL code into a database query, potentially leading to data extraction, modification, or deletion.
CVE-2025-0212 is a unique identifier for this specific vulnerability, facilitating its tracking and referencing.
If you cannot update immediately, implement mitigating measures such as input validation and restricting access to the vulnerable file.
Vulnerability scanning tools can detect this vulnerability. Consult with your security provider for recommendations.
Contact Campcodes support for more information and assistance.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.