School Fees Payment System - SQLi (CVE-2025-6403)
48 exploiting IPs reported
A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CrowdSec analysis
CVE-2025-6403 is a critical SQL injection vulnerability in code-projects School Fees Payment System 1.0, specifically affecting the /student.php file via the ID parameter. This flaw allows remote attackers to manipulate database queries, potentially leading to unauthorized data access or modification. With public exploit code available, the risk of real-world attacks is significantly heightened.
CrowdSec has been tracking this vulnerability and its exploits since the 19th of November 2025.
CrowdSec network observations suggest that most exploitation of CVE-2025-6403 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. CrowdSec data also reveals a clear uptick in attacks involving CVE-2025-6403 over the past week. Activity is above the usual baseline, suggesting growing attention from attackers. This may reflect rising awareness, recent exploit releases, or expanded targeting efforts.
Attackers exploit the /student.php endpoint by injecting SQL commands into the id parameter, often using payloads like EXTRACTVALUE or SLEEP to trigger errors or time delays, indicating successful SQL injection attempts.
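The request pattern described above can be looked for in web server access logs. The following is an added example, not CrowdSec's detection rule or code from the original page; the combined log format, the sample lines, and the assumption that legitimate id values are plain integers are illustrative.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Combined-format access log entry (assumed format): client IP and request target.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3}')
# SQL functions the page names in observed payloads.
SQL_FUNC_RE = re.compile(r'\b(extractvalue|sleep)\s*\(', re.IGNORECASE)

SAMPLE_LOG = [  # constructed sample lines using documentation IP ranges
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /student.php?id=12 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /student.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /student.php?ID=EXTRACTVALUE%25281,1) HTTP/1.1" 500 0',
    '192.0.2.44 - - [01/Jan/2025:10:00:12 +0000] "GET /index.php?id=abc HTTP/1.1" 200 90',
]

def decode_fully(value, max_rounds=3):
    """Undo nested URL encoding (e.g. %2528) so double-encoded input is inspected too."""
    for _ in range(max_rounds):
        value, previous = unquote_plus(value), value
        if value == previous:
            break
    return value

def classify(line):
    """Return (client_ip, reason) for a suspicious /student.php request, else None."""
    m = REQUEST_RE.match(line)
    parts = urlsplit(m.group(2)) if m else None
    if parts is None or not parts.path.lower().endswith("/student.php"):
        return None
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != "id":  # parameter appears as both ID and id on the page
            continue
        value = decode_fully(raw)
        func = SQL_FUNC_RE.search(value)
        if func:
            return m.group(1), f"sql-function:{func.group(1).lower()}"
        # Assumption: legitimate id values are plain integers.
        if not value.strip().isdigit():
            return m.group(1), "non-numeric-id"
    return None

def suspicious_sources(lines):
    """Map each flagged client IP to the list of reasons seen for it."""
    hits = {}
    for ip, reason in filter(None, map(classify, lines)):
        hits.setdefault(ip, []).append(reason)
    return hits
```

This only inspects the query string recorded in the access log; parameters sent in a POST body are not visible there and need inspection at the application or WAF layer.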
Protection
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.