CVE-2025-10421

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Student Grading System version 1.0

Description A flaw exists in the SourceCodester Student Grading System that may allow for SQL injection. The issue affects unknown code within the /update account.php file. Manipulation of the ID parameter can lead to exploitation, potentially allowing for remote attacks. The exploit has been published.

Recommendations As a temporary workaround, restrict access to the /update account.php file. Sanitize the ID parameter before using it in SQL queries.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-10421

Affected Products

Sourcecodester Student Grading System

CVE-2025-10421

Weakness Enumeration

Related Identifiers

Affected Products

References · 10