CVE-2025-12918
LOWDescription
A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument invoice_id results in improper control of resource identifiers. Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| yungifez | skuul |
References
Exploits
Other References
Frequently Asked Questions
What is CVE-2025-12918? +
How severe is CVE-2025-12918? +
What products are affected by CVE-2025-12918? +
How do I check if I'm vulnerable to CVE-2025-12918? +
Related Vulnerabilities
A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which …
Overview The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before …
Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become …
DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at …
The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it …
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on …