CVE-2025-2351 – DayCloud StudentManage SQL Injection Vulnerability

March 17, 2025
2:16 am

CVE ID : CVE-2025-2351

Published : March 16, 2025, 11:15 p.m. | 2 hours, 7 minutes ago

Description : A vulnerability classified as critical was found in DayCloud StudentManage 1.0. This vulnerability affects unknown code of the file /admin/adminScoreUrl of the component Login Endpoint. The manipulation of the argument query leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-2351 – DayCloud StudentManage SQL Injection Vulnerability

Elvescore.io

Recent Posts

CVE-2025-2471 – PHPGurukul Boat Booking System SQL Injection Vulnerability

CVE-2025-2472 – PHPGurukul Apartment Visitors Management System SQL Injection Vulnerability

CVE-2025-2473 – PHPGurukul Company Visitor Management System SQL Injection Vulnerability

CVE-2023-50183 – Apache HTTP Server Cross-Site Request Forgery

CVE-2023-50184 – Apache HTTP Server Remote Code Execution

CVE-2023-50185 – Apache HTTP Server Unvalidated User Input

CVE-2025-2351 – DayCloud StudentManage SQL Injection Vulnerability

CVE-2025-2351 – DayCloud StudentManage SQL Injection Vulnerability