CVE-2025-3589: SourceCodester Music Class Enrollment System manage_class.php sql injection
First published: Mon Apr 14 2025(Updated: )
A vulnerability, which was classified as critical, was found in SourceCodester Music Class Enrollment System 1.0. Affected is an unknown function of the file /manage_class.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SourceCodester Music Class Enrollment System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-3589?
The severity of CVE-2025-3589 is classified as critical.
What is the impact of CVE-2025-3589?
CVE-2025-3589 allows for SQL injection, which can lead to unauthorized data access and manipulation.
How do I fix CVE-2025-3589?
To fix CVE-2025-3589, validate and sanitize the input parameters to the affected function in /manage_class.php.
Can CVE-2025-3589 be exploited remotely?
Yes, CVE-2025-3589 can be exploited remotely, making it a significant risk for exposed servers.
Which software versions are affected by CVE-2025-3589?
CVE-2025-3589 affects SourceCodester Music Class Enrollment System version 1.0.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/title
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/sourcecodester
- canonical/sourcecodester music class enrollment system