PT-2025-43930 · Code Projects · Online Event Judging System
Zhonglouguairen · Published 2025-10-27 · Updated 2025-10-28 · CVE-2025-12263
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
code-projects Online Event Judging System version 1.0
Description
A flaw exists in code-projects Online Event Judging System 1.0 that allows for remote SQL injection. The issue is located in the file /edit judge.php within an unknown function. Manipulating the judge id argument can trigger the injection. The exploit is publicly available.
Recommendations
Apply any available updates to address the SQL injection issue in the /edit judge.php file.
As a temporary workaround, restrict access to the /edit judge.php file.
Sanitize the judge id argument to prevent SQL injection attacks.
Exploit
Fix
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Online Event Judging System