PT-2025-37428 · Sourcecodester · Sourcecodester Student Grading System

Quchunyi · Published 2025-09-14 · Updated 2025-09-14 · CVE-2025-10408

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SourceCodester Student Grading System version 1.0

Description

A security flaw exists in SourceCodester Student Grading System 1.0. The issue is related to SQL injection within the /edit user.php file. Manipulation of the ID parameter can trigger the injection. The attack can be initiated remotely, and an exploit has been publicly released.

Recommendations

As a temporary workaround, consider restricting access to the /edit user.php file until a fix is available. Sanitize the ID parameter before using it in SQL queries.

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-10408

Affected Products

Sourcecodester Student Grading System