PT-2025-33416 · Sourcecodester · Covid19 Testing Management System

Zhuyi · Published 2025-08-14 · Updated 2025-08-15 · CVE-2025-8985

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SourceCodester COVID 19 Testing Management System version 1.0
Description: A SQL injection issue exists in an unknown functionality of the file /profile.php. Manipulation of the mobilenumber argument can lead to SQL injection, allowing for remote attacks. The exploit has been publicly disclosed and may be used. Other parameters might also be affected.
Recommendations: As a temporary workaround, consider restricting access to the /profile.php file until a fix is available. Sanitize the mobilenumber parameter to prevent SQL injection attacks. Review and sanitize all other parameters used in the /profile.php file to identify and address potential SQL injection vulnerabilities.

Weakness Enumeration: Special Elements Injection, SQL injection

Related Identifiers: CVE-2025-8985

Affected Products: Covid19 Testing Management System