CVE-2025-10409

Name of the Vulnerable Software and Affected Versions SourceCodester Student Grading System version 1.0

Description A weakness exists in SourceCodester Student Grading System 1.0. The issue affects an unknown part of the file /rms.php?page=users. Manipulation of the fname argument can lead to SQL injection. The attack can be launched remotely, and the exploit has been made publicly available.

Recommendations As a temporary workaround, consider restricting access to the /rms.php?page=users file to minimize the risk of exploitation. Avoid using the fname parameter in the affected API endpoint /rms.php?page=users until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.