PT-2025-35375 · Sourcecodester · Online Polling System
Quchunyi1 · Published 2025-08-30 · Updated 2025-08-30 · CVE-2025-9699
Severity score: 7.5 (High)
Base vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
SourceCodester Online Polling System Code version 1.0
Description:
A SQL injection issue exists due to the manipulation of the `myusername` argument in the `/admin/checklogin.php` file. The attack can be performed remotely. The exploit is publicly available.
Recommendations:
As a temporary workaround, sanitize the `myusername` input to prevent SQL injection.
Restrict access to the `/admin/checklogin.php` file to authorized personnel only.
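One way to apply the first recommendation is to bind `myusername` as a query parameter instead of concatenating it into SQL. The following is an added example, not code from the Online Polling System; the `admin_users` table, its columns, the password field and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: table and column names are assumptions, only the
// `myusername` parameter is named in the advisory.
function check_login(PDO $db, string $username, string $password): bool
{
    // Reject empty or oversized input before touching the database.
    if ($username === '' || strlen($username) > 64) {
        return false;
    }
    // The placeholder keeps the value out of the SQL text, so quotes and
    // comment markers in $username are compared as literal data.
    $stmt = $db->prepare('SELECT password_hash FROM admin_users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matched.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed demo data in an in-memory SQLite database (assumption: the
// real application would pass its own PDO connection instead).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin_users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO admin_users VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// In /admin/checklogin.php the first value would come from $_POST['myusername'].
$cases = [
    ['admin', 'correct horse'],        // valid credentials
    ['admin', 'wrong'],                // wrong password
    ["admin' OR '1'='1", 'anything'],  // quote characters stay literal data
];
foreach ($cases as [$u, $p]) {
    printf("%-20s => %s\n", $u, check_login($db, $u, $p) ? 'accepted' : 'rejected');
}
```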
Exploit
Fix
Special Elements Injection
SQL injection