CVE-2025-4940 in Daily College Class Work Report Bookinfo

Summary

by MITRE • 05/19/2025

A vulnerability, which was classified as critical, has been found in 1000 Projects Daily College Class Work Report Book 1.0. This issue affects some unknown processing of the file /admin_info.php. The manipulation of the argument batch leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 06/11/2026

This critical vulnerability exists within the 1000 Projects Daily College Class Work Report Book 1.0 software, specifically targeting the administrative interface through the /admin_info.php file. The flaw represents a classic sql injection vulnerability that occurs when the application fails to properly sanitize user input before incorporating it into database queries. The attack vector is initiated through manipulation of the batch argument parameter, which allows an attacker to inject malicious sql code directly into the application's database layer. This type of vulnerability falls under the CWE-89 category, which specifically addresses sql injection flaws in software applications. The remote exploitation capability means that attackers can leverage this vulnerability without requiring physical access to the target system, making it particularly dangerous in networked environments where the application is exposed to external traffic.

The operational impact of this vulnerability is severe and multifaceted, as successful exploitation would allow an attacker to execute arbitrary sql commands against the underlying database. This could result in unauthorized data access, data modification, or complete database compromise. Attackers could potentially extract sensitive information including user credentials, personal data, academic records, or administrative configurations. The vulnerability's classification as critical indicates that it provides attackers with significant privileges and access levels that could lead to full system compromise. According to the mitre att&ck framework, this vulnerability maps to the execution and credential access phases, where adversaries can leverage sql injection to escalate privileges and maintain persistent access to the compromised system.

Mitigation strategies for this vulnerability must be implemented immediately to protect the affected system. The primary remediation involves proper input validation and parameterized queries to prevent sql injection attacks. Application developers should implement proper sanitization of all user inputs, particularly those used in database operations, and utilize prepared statements or parameterized queries to ensure that user data cannot be interpreted as sql commands. Additionally, implementing proper access controls and authentication mechanisms within the /admin_info.php file would limit the attack surface and reduce the potential impact of exploitation. Regular security auditing and penetration testing should be conducted to identify similar vulnerabilities in other parts of the application. Network segmentation and firewall rules should be configured to restrict access to administrative interfaces, while web application firewalls can provide additional layers of protection against sql injection attempts. The public disclosure of this exploit increases the urgency for immediate remediation, as threat actors may already be actively targeting systems with this specific vulnerability.

Responsible

VulDB

Disclosure

05/19/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00410

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!