CVE-2024-25304
Description
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Simple School Management System 1.0 has an SQL injection vulnerability in the 'apass' parameter, allowing attackers to extract database contents.
Vulnerability
An SQL injection vulnerability exists in Code-projects Simple School Management System 1.0 in the 'apass' parameter at School/index.php. The parameter is used in authentication without proper sanitization, allowing injection of arbitrary SQL queries [1].
Exploitation
An attacker can exploit this without authentication by sending a crafted POST request to the login page. Using a tool like sqlmap with the 'apass' parameter, they can perform boolean-based blind SQL injection to enumerate database contents [1].
Impact
Successful exploitation allows an attacker to bypass authentication, access sensitive data such as user credentials, and potentially compromise the entire database [1].
Mitigation
As of the publication date, no patch has been released. The vendor website (code-projects.org) lists version 1.0 as the latest. The application is likely abandonware. Users should consider replacing the system or implementing input validation and parameterized queries [1].
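The parameterized-query mitigation above, as an added example (not the application's code, which this page does not show). The table `admin`, the columns `aname` and `apass_hash`, the `aname` form field and the function `check_login()` are assumptions; only the parameter name `apass` comes from the CVE description. It uses an in-memory SQLite database with constructed data so it runs offline.

```php
<?php
declare(strict_types=1);

// ASSUMED schema and names (hypothetical): admin(aname, apass_hash), check_login().
function check_login(PDO $db, string $user, string $pass): bool
{
    // Input validation: reject empty, oversized or control-character input early.
    if ($user === '' || strlen($user) > 64 || strlen($pass) > 128
        || preg_match('/[\x00-\x1f]/', $user . $pass)) {
        return false;
    }
    // The placeholder keeps the submitted value out of the SQL text entirely.
    $stmt = $db->prepare('SELECT apass_hash FROM admin WHERE aname = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    // The password is compared against a stored hash and never reaches the query.
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false so the
// server, not the client library, binds the parameters.
$db->exec('CREATE TABLE admin (aname TEXT PRIMARY KEY, apass_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO admin (aname, apass_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// In a real handler these would come from $_POST['aname'] and $_POST['apass'].
$cases = [
    ['admin', 'correct horse'],   // valid credentials
    ['admin', 'wrong'],           // wrong password
    ['admin', "x' OR '1'='1"],    // quote-bearing input is handled as plain data
    ['nobody', 'correct horse'],  // unknown user
];
foreach ($cases as [$u, $p]) {
    $result = check_login($db, $u, $p) ? 'accepted' : 'rejected';
    printf("%-7s %-15s => %s\n", $u, $p, $result);
}
```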
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Code-projects/Simple School Managment System
- Range: =1.0
Patches
No patches discovered yet.
References