CVE-2025-12918 | yungifez Skuul School Management System up to 2.6.5 View Fee Invoice fee-invoices invoice_id resource injection

A vulnerability has been found in yungifez Skuul School Management System up to 2.6.5 and classified as problematic. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument invoice_id results in improper control of resource identifiers.

This vulnerability is known as CVE-2025-12918. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-12918 | yungifez Skuul School Management System up to 2.6.5 View Fee Invoice fee-invoices invoice_id resource injection

Post correlati

CVE-2024-35679 | GiveWP Plugin up to 3.12.0 on WordPress cross site scripting

CVE-2024-30422 | WPVibes Elementor Addon Elements Plugin up to 1.13.1 on WordPress cross site scripting

CVE-2024-12036 | Chimpstudio CS Framework Plugin up to 6.9 on WordPress get_widget_settings_json file inclusion

CVE-2024-29823 | Ivanti Endpoint Manager GetDBVulnerabilities sql injection