PT-2025-33421 · Sourcecodester · Covid19 Testing Management System

Zhuyi · Published 2025-08-14 · Updated 2025-08-20 · CVE-2025-8989

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SourceCodester COVID 19 Testing Management System version 1.0
Description: A SQL injection issue exists due to the manipulation of the mobilenumber argument in the processing of the /edit-phlebotomist.php file. The attack can be initiated remotely, and the exploit has been publicly disclosed. Other parameters may also be affected.
Recommendations: As a temporary workaround, consider restricting access to the /edit-phlebotomist.php file until a patch is available. Sanitize the mobilenumber input to prevent SQL injection attacks. Review the code for other potentially vulnerable parameters and apply appropriate input validation and sanitization techniques.
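
One way to apply the input-handling recommendation to the mobilenumber parameter, as an added example that is not the application's own code: the table and column names, the digits-only policy, the in-memory SQLite database and the functions validMobile and updateMobile are all assumptions made for illustration. It combines allow-list validation with a bound parameter, so the value never becomes part of the SQL text.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical schema and handler, not code from the affected application.

// In-memory SQLite stands in for the application's database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE phlebotomist (id INTEGER PRIMARY KEY, fullname TEXT, mobilenumber TEXT)');
$pdo->exec("INSERT INTO phlebotomist (id, fullname, mobilenumber)
            VALUES (1, 'A. Tester', '5550100001'), (2, 'B. Tester', '5550100002')");

/** Allow-list validation: digits only, 7 to 15 characters (assumed policy). */
function validMobile(string $value): bool
{
    return preg_match('/\A[0-9]{7,15}\z/', $value) === 1;
}

/** Update one record; the value travels as a bound parameter, never as SQL text. */
function updateMobile(PDO $pdo, int $id, string $mobile): bool
{
    if (!validMobile($mobile)) {
        return false; // reject before the database is touched
    }
    $stmt = $pdo->prepare('UPDATE phlebotomist SET mobilenumber = :m WHERE id = :id');
    $stmt->bindValue(':m', $mobile, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Constructed inputs: one well-formed number, one carrying SQL metacharacters.
$samples = ['5550199999', "5550199999' -- "];
foreach ($samples as $input) {
    $ok = updateMobile($pdo, 1, $input);
    printf("%-22s => %s\n", json_encode($input), $ok ? 'updated' : 'rejected');
}

// Show the table afterwards: only row 1 changes, and only for the well-formed value.
foreach ($pdo->query('SELECT id, mobilenumber FROM phlebotomist ORDER BY id') as $row) {
    printf("id=%d mobilenumber=%s\n", $row['id'], $row['mobilenumber']);
}
```

The same pattern applies to any other request parameter of /edit-phlebotomist.php that reaches a query; the bound parameter is the control that removes the injection, and the validation narrows what is stored.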

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2025-8989

Affected Products: Covid19 Testing Management System