PT-2025-45596 · Sourcecodester · Sourcecodester Survey Application System
Lakshay12311 · Published 2025-11-10 · Updated 2025-11-14 · CVE-2025-12929
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SourceCodester Survey Application System version 1.0
Description
A flaw exists in the SourceCodester Survey Application System that allows for SQL injection. This occurs through manipulation of the fullname argument within the save user/update user function located in the /LoginRegistration.php file. The attack can be performed remotely. The exploit has been published. Other parameters may also be affected.
Recommendations
Apply any available updates to address the SQL injection issue in the save user/update user function of the /LoginRegistration.php file.
As a temporary workaround, restrict or sanitize the fullname argument to prevent SQL injection attacks.
Review and sanitize all other parameters used in the save user/update user function to mitigate potential vulnerabilities.
Exploit
Fix
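The recommendations above, shown as an added example (not the application's own code and not a vendor patch): a save/update routine that validates fullname against an allow-list and binds every value through a prepared statement. The users table, its columns, and the function names open_demo_db, valid_fullname and save_user are hypothetical; an in-memory SQLite database stands in for the real one, and the inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the application's user table (assumed schema).
function open_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY,
                fullname TEXT NOT NULL, username TEXT NOT NULL UNIQUE)');
    return $pdo;
}

// Allow-list: starts with a letter, then letters, combining marks, space,
// period, apostrophe or hyphen; 1 to 100 characters in total.
function valid_fullname(string $name): bool {
    return preg_match('/\A\p{L}[\p{L}\p{M} .\'\-]{0,99}\z/u', $name) === 1;
}

// Insert when $id is null, otherwise update. Values are only ever bound as
// parameters; no request data is concatenated into the SQL text.
function save_user(PDO $pdo, string $fullname, string $username, ?int $id = null): int {
    $fullname = trim($fullname);
    if (!valid_fullname($fullname)) {
        throw new InvalidArgumentException('fullname rejected by validation');
    }
    if ($id === null) {
        $stmt = $pdo->prepare(
            'INSERT INTO users (fullname, username) VALUES (:fullname, :username)');
        $stmt->execute([':fullname' => $fullname, ':username' => $username]);
        return (int) $pdo->lastInsertId();
    }
    $stmt = $pdo->prepare(
        'UPDATE users SET fullname = :fullname, username = :username WHERE id = :id');
    $stmt->execute([':fullname' => $fullname, ':username' => $username, ':id' => $id]);
    return $id;
}

// Constructed inputs: a legitimate name containing an apostrophe is stored
// as data, and a value containing disallowed characters is refused.
$pdo = open_demo_db();
$id = save_user($pdo, "Siobhan O'Brien", 'sobrien');
save_user($pdo, "Siobhan O'Brien-Lee", 'sobrien', $id);
echo $pdo->query('SELECT fullname FROM users')->fetchColumn(), PHP_EOL;
try {
    save_user($pdo, 'name"; -- not a name', 'other');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The bound parameters are what stop the injection; the allow-list is an additional input restriction and would not be sufficient on its own if the query were still built by string concatenation.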
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Sourcecodester Survey Application System