CVE-2025-10419

Name of the Vulnerable Software and Affected Versions SourceCodester Student Grading System version 1.0

Description A security issue exists in SourceCodester Student Grading System 1.0. The vulnerability is due to SQL injection in the /del promote.php file through manipulation of the sy argument. This allows for remote attacks. The exploit has been publicly disclosed.

Recommendations As a temporary workaround, consider restricting access to the /del promote.php file until a fix is available. Avoid using the sy parameter in the /del promote.php endpoint until the issue is resolved.