PT-2025-36490 · Sourcecodester · Simple Forum-Discussion System

Fuyang · Published 2025-09-08 · Updated 2025-09-08 · CVE-2025-10100

CVSS v2.0: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions:

SourceCodester Simple Forum Discussion System version 1.0

Description:

A SQL injection issue exists in the file `/admin class.php?action=login`. Manipulation of the `Username` parameter can lead to exploitation. The attack can be initiated remotely.

Recommendations:

As a temporary workaround, consider restricting access to the `/admin class.php?action=login` endpoint until the issue is resolved.

Avoid using the `Username` parameter in the affected API endpoint `/admin class.php?action=login` until the issue is resolved.

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers:

CVE-2025-10100

Affected Products:

Simple Forum-Discussion System