Key Information

CVE: CVE-2025-13325
CVSS ID: VDB-332669
GCVE: GCVE-100-332669
Product: ITSourceCode Student Information System 1.0
Vulnerability Type: SQL Injection
File: /enrollment_edit1.php
Argument: en_id
Risk Level: Critical

Summary

A critical SQL injection vulnerability was found in ITSourceCode Student Information System 1.0. Manipulating the argument in the file leads to SQL injection. The attack can be initiated remotely and there is a known exploit.

Technical Details

CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Attack Vector: Remote
Exploit: Proof-of-concept available on GitHub
Attack Technique: Utilized in MITRE ATT&CK T1505
Impact: Confidentiality, integrity, and availability

Exploitation

The vulnerability can be exploited by searching for to find vulnerable targets using Google Hacking.

Mitigation

No specific countermeasures are mentioned. It is suggested to replace the product with an alternative solution.

Related vulnerabilities are VDB-248549, VDB-250602, VDB-321891, and VDB-324639.
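A detection check for the issue described above, as an added example that is not from the advisory or the vendor: it scans web server access log lines for requests to /enrollment_edit1.php whose en_id value is not a plain integer. The combined log format, the /sis/ path prefix in the sample lines, and the premise that a legitimate en_id is a numeric record id are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter named in the advisory.
TARGET_PATH = "/enrollment_edit1.php"
TARGET_PARAM = "en_id"

# Assumption: a legitimate en_id is a short decimal record id.
VALID_ID = re.compile(r"[0-9]{1,10}")

# Request field of a combined-format access log line: "METHOD URI PROTOCOL".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_en_id(line):
    """Return the decoded en_id values in one log line that are not plain integers."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(TARGET_PATH):
        return []
    # parse_qs percent-decodes values; keep_blank_values keeps an empty "en_id=".
    values = parse_qs(url.query, keep_blank_values=True).get(TARGET_PARAM, [])
    return [v for v in values if not VALID_ID.fullmatch(v)]


def scan(lines):
    """Return (line_number, bad_values) for each line with a non-numeric en_id."""
    hits = []
    for n, line in enumerate(lines, 1):
        bad = suspicious_en_id(line)
        if bad:
            hits.append((n, bad))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /sis/enrollment_edit1.php?en_id=42 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2025:10:00:05 +0000] "GET /sis/enrollment_edit1.php?en_id=42%27 HTTP/1.1" 500 310',
    '192.0.2.10 - - [01/Jan/2025:10:00:09 +0000] "GET /sis/index.php?en_id=abc HTTP/1.1" 200 900',
    '192.0.2.77 - - [01/Jan/2025:10:00:12 +0000] "GET /sis/enrollment_edit1.php?en_id= HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for n, bad in scan(SAMPLE_LOG):
        print(f"line {n}: non-numeric en_id {bad!r}")
```

Access logs record only the query string, so an en_id sent in a POST body is not visible to this check and needs application-level or WAF logging instead.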