CVE-2025-66947 – Krishanmuraiji SMS SQL Injection Delay Attack

CVE ID : CVE-2025-66947

Published : Dec. 26, 2025, 3:15 p.m. | 1 hour, 6 minutes ago

Description : SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP() to infer database contents. Successful exploitation may lead to full database compromise, especially within an administrative module.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…