CVE-2025-4837 – Projectworlds Student Project Allocation System SQL Injection Vulnerability

May 17, 2025

CVE ID : CVE-2025-4837

Published : May 17, 2025, 9:15 p.m. | 3 hours, 30 minutes ago

Description : A vulnerability classified as critical has been found in projectworlds Student Project Allocation System 1.0. This affects an unknown part of the file /make_group_sql.php. The manipulation of the argument mem1/mem2/mem3 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4838 – Kanwangzjm Funiture Open Redirect Vulnerability

Next Article AWS Open-Sources Strands Agents SDK to Simplify AI Agent Development

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-4837 – Projectworlds Student Project Allocation System SQL Injection Vulnerability

Critical Lucee Flaw (CVE-2025-34074, CVSS 9.4): Authenticated RCE Via Scheduled Task Abuse, Metasploit Module Out

Exposed JDWP Debug Ports Under Attack: Cryptominers Infiltrating Java Apps in Hours

CVE-2025-5859 – PHPGurukul Nipah Virus Testing Management System SQL Injection Vulnerability

Visa preps AI-ready credit cards for automated shopping transactions

Microsoft announces new Surface Pro and Surface Laptop with smaller screens, lower starting prices, and surprising design changes

The Impact of AI on Compliance and Risk Management for Mainframe Environments

CVE-2025-46824 – Discourse Code Review Plugin Cross-Site Scripting (XSS)

CVE-2025-6150 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE-2025-5404 – Chaitak-Gorai Blogbook GET Parameter Handler Denial of Service Vulnerability

CVE-2024-7103 – WSO2 Identity Server Reflected XSS

CVE-2025-4837 – Projectworlds Student Project Allocation System SQL Injection Vulnerability

Related Posts