CVE Alert: CVE-2025-12263 – code-projects – Online Event Judging System
CVE-2025-12263
MEDIUM | No exploitation known | PoC observed
A vulnerability was identified in code-projects Online Event Judging System 1.0. The affected code is an unknown function in the file /edit_judge.php: manipulation of the judge_id argument leads to SQL injection. The attack can be launched remotely and, per the vector (PR:L), requires only a low-privilege account. A public exploit is available and might be used.
CVSS v3.1 (6.3)
Vendor
code-projects
Product
Online Event Judging System
Versions
1.0
CWE
CWE-89, SQL Injection
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Decoded: network-reachable, low attack complexity, low privileges required (an authenticated low-privilege account), no user interaction, unchanged scope, low confidentiality, integrity and availability impact; temporal metrics: proof-of-concept exploit exists, remediation level not defined, reasonable report confidence.
Published
2025-10-27T10:32:08.484Z
Updated
2025-10-27T12:46:44.143Z
AI Summary Analysis
Detection ideas
- WAF or web-server logs show SQL metacharacters or keywords (quotes, comment sequences, UNION/SELECT, SLEEP/BENCHMARK) in the judge_id parameter of requests to /edit_judge.php; judge_id is an identifier, so anything beyond a short, plain value deserves inspection.
- Database or application logs show SQL syntax errors, unexpectedly slow queries (time-based probes) or unusual query shapes tied to this endpoint.
- Spikes in requests or 5xx errors against the judge-editing functionality that do not match legitimate judge-management activity, especially from a single source or a scanner user agent.
- Known PoC payloads or generic SQLi indicators reappearing in request strings after the first detection.
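The detection ideas above, turned into a small log scanner. This is an added example for this alert, not code from the original page or from the code-projects project. It assumes Apache/Nginx combined log format and that a legitimate judge_id is a plain integer; the log lines, IP addresses and user agents are constructed for illustration.

```python
"""Scan web-server access logs for hostile judge_id values on /edit_judge.php.

Added example for this alert; it is not code from the original page or from
the code-projects project. Assumptions: Apache/Nginx 'combined' log format,
and that a legitimate judge_id is a plain integer. The log lines below are
constructed for illustration (RFC 5737 documentation addresses).
"""
import re
from collections import Counter
from urllib.parse import parse_qs, unquote_plus, urlsplit

VULN_PATH = "/edit_judge.php"
VULN_PARAM = "judge_id"

# Constructed sample: two benign requests, three hostile ones, one unrelated.
SAMPLE_LOG = """\
203.0.113.10 - - [27/Oct/2025:10:35:01 +0000] "GET /edit_judge.php?judge_id=7 HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
203.0.113.10 - - [27/Oct/2025:10:35:09 +0000] "GET /edit_judge.php?judge_id=12 HTTP/1.1" 200 4101 "-" "Mozilla/5.0"
198.51.100.23 - - [27/Oct/2025:10:36:14 +0000] "GET /edit_judge.php?judge_id=7%27%20AND%20SLEEP(5)--%20- HTTP/1.1" 200 4123 "-" "sqlmap/1.8"
198.51.100.23 - - [27/Oct/2025:10:36:20 +0000] "GET /edit_judge.php?judge_id=7%20UNION%20SELECT%201,2,3,4 HTTP/1.1" 500 512 "-" "sqlmap/1.8"
198.51.100.23 - - [27/Oct/2025:10:36:25 +0000] "GET /edit_judge.php?judge_id=7%20OR%201%3D1 HTTP/1.1" 200 9870 "-" "python-requests/2.32"
203.0.113.44 - - [27/Oct/2025:10:37:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "method target proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Generic SQLi indicators, applied to the decoded parameter value.
SQLI_RE = re.compile(
    r"'|--|/\*|;|\bunion\b|\bselect\b|\bsleep\s*\(|\bbenchmark\s*\(|\b(?:or|and)\b\s+\S+\s*=",
    re.IGNORECASE,
)


def classify_value(value):
    """Return the reasons a judge_id value looks hostile; empty list if benign."""
    reasons = []
    if not value.isdigit():
        reasons.append("non-numeric judge_id")
    if SQLI_RE.search(value):
        reasons.append("SQLi indicator")
    return reasons


def scan_log(text):
    """Return one finding per flagged request to the vulnerable endpoint."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; a real pipeline would count these
        parts = urlsplit(m["target"])
        if parts.path != VULN_PATH:
            continue
        status = int(m["status"])
        # parse_qs decodes once; decoding again catches double-encoded payloads.
        for raw in parse_qs(parts.query, keep_blank_values=True).get(VULN_PARAM, []):
            value = unquote_plus(raw)
            reasons = classify_value(value)
            if status >= 500:
                reasons.append("5xx on vulnerable endpoint")  # SQL error likely surfaced
            if reasons:
                findings.append({"ip": m["ip"], "ts": m["ts"], "status": status,
                                 "value": value, "ua": m["ua"], "reasons": reasons})
    return findings


def count_by_ip(findings):
    """Per-source counts, the input for a simple spike/threshold alert."""
    return dict(Counter(f["ip"] for f in findings))


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']:>15} {f['status']} {f['value']!r} -> {', '.join(f['reasons'])}")
    print(count_by_ip(scan_log(SAMPLE_LOG)))
```

The type check (a judge_id that is not a plain integer) does most of the work and is cheap to run at scale; the keyword regex only adds a label and will miss obfuscated payloads, so treat it as a triage aid rather than a filter. Per-source counts from count_by_ip feed the spike detection described above.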
Mitigation and prioritisation
- Apply the vendor patch or hotfix if one is available, testing in staging before production; if none is available, fix the query in /edit_judge.php yourself.
- Enforce parameterised (prepared) queries and strict input validation for judge_id; run the application against a least-privilege database account.
- Disable or tightly gate the endpoint until mitigated, and add robust authentication and authorization checks (the vector already assumes PR:L, so restricting which accounts can reach it narrows exposure).
- Enable WAF or virtual-patching rules for SQL injection on this parameter and monitor for related indicators.
- Change management: test the impact in a non-production environment and communicate remediation timelines. If the CVE is listed in CISA KEV or its EPSS score is 0.5 or higher, treat it as priority 1; note that a public PoC already exists (E:P).
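The parameterised-query mitigation above, shown as the CWE-89 pattern beside its hardened form. This is an added example for this alert, not code from the original page or from the code-projects project. The application's PHP source is not on this page, so the pattern is shown in Python with an in-memory SQLite database; the PHP equivalent is a PDO prepared statement with a bound parameter. The judges table, its columns and the sample rows are assumed for illustration.

```python
"""Vulnerable string-built query beside its parameterised replacement.

Added example for this alert; not code from the original page or from the
code-projects project. The judges table and its columns are assumed.
"""
import sqlite3


def make_db():
    """Constructed fixture: three judges in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE judges (judge_id INTEGER PRIMARY KEY, name TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO judges VALUES (?, ?, ?)",
        [(1, "Ada", "ada@example.com"),
         (2, "Grace", "grace@example.com"),
         (3, "Linus", "linus@example.com")],
    )
    return conn


def load_judge_unsafe(conn, judge_id):
    """CWE-89 pattern: the request parameter becomes part of the SQL text."""
    sql = "SELECT judge_id, name FROM judges WHERE judge_id = " + judge_id
    return conn.execute(sql).fetchall()


def load_judge_safe(conn, judge_id):
    """Hardened form: validate the type, then bind the value as a parameter.

    The placeholder guarantees the value is sent as data and never parsed as
    SQL, even if the int() check were omitted; the check adds a clear early
    error for anything that is not an identifier.
    """
    try:
        jid = int(judge_id)
    except (TypeError, ValueError):
        raise ValueError("judge_id must be an integer") from None
    return conn.execute(
        "SELECT judge_id, name FROM judges WHERE judge_id = ?", (jid,)
    ).fetchall()


def safe_rejects(conn, judge_id):
    """True if the hardened loader refuses the value."""
    try:
        load_judge_safe(conn, judge_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # Tautology returns every judge instead of one.
    print("unsafe, tautology:", load_judge_unsafe(db, "1 OR 1=1"))
    # UNION pulls a column the page never meant to expose.
    print("unsafe, UNION leak:",
          load_judge_unsafe(db, "0 UNION SELECT judge_id, email FROM judges"))
    print("safe, legitimate:", load_judge_safe(db, "1"))
    print("safe, payload rejected:", safe_rejects(db, "1 OR 1=1"))
```

Pair the code fix with the least-privilege point from the list: the database account the web application uses should hold only the SELECT and UPDATE rights this page needs, so that a residual injection elsewhere cannot read or alter unrelated tables.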
