PT-2025-43913 · Code Projects · Code-Projects Online Event Judging System
Daminqaq
·
Published
2025-10-27
·
Updated
2025-10-27
·
CVE-2025-12254
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
code-projects Online Event Judging System version 1.0
Description
A flaw exists in code-projects Online Event Judging System that allows for SQL injection. This issue is related to the
/add judge.php file and manipulation of the fullname argument. The attack can be initiated remotely and an exploit is publicly available.Recommendations
Apply a fix to the
/add judge.php file to prevent manipulation of the fullname argument.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Code-Projects Online Event Judging System