PT-2025-38223 · Itsourcecode · Itsourcecode Web-Based Internet Laboratory Management System

Drewbyte

Published

2025-09-17

Updated

2025-09-17

CVE-2025-10599

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions itsourcecode Web-Based Internet Laboratory Management System version 1.0

Description A security flaw exists in itsourcecode Web-Based Internet Laboratory Management System. Manipulation of the user email argument in the User::AuthenticateUser function within the login.php file can lead to SQL injection. Remote exploitation is possible. The exploit has been released publicly.

Recommendations Address the SQL injection issue in the User::AuthenticateUser function of the login.php file by sanitizing the user email argument.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-10599

Affected Products

Itsourcecode Web-Based Internet Laboratory Management System

CVE-2025-10599

Weakness Enumeration

Related Identifiers

Affected Products

References · 10