CVE Alert: CVE-2025-10596 – SourceCodester – Online Exam Form Submission
CVE-2025-10596
A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument usn results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.
AI Summary Analysis
Risk verdict
Urgent risk: publicly available PoC and remote, unauthenticated SQL injection via index.php means automated exploitation is likely; patch as a top priority.
Why this matters
An attacker could read or modify backend data and potentially exfiltrate sensitive information. Although the per-component impact metrics are rated low, accumulating data leaks or integrity issues could undermine exam results and user trust. The public PoC and remote reachability raise the likelihood of mass, automated attacks against any publicly reachable instance.
Most likely attack path
Attackers can target the usn parameter over the network without user interaction or privileges, leveraging a basic SQL injection. With no user interaction and no authentication required, a single crafted request could expose or alter data in the app’s database, subject to the DB permissions of the application role. Lateral movement would be limited to the application DB, but data exfiltration or manipulation of exam records remains plausible if privileges permit.
Who is most exposed
Publicly accessible, web-hosted deployments of the online exam form (common on shared/LAMP stacks) are most at risk, particularly in educational or academic settings with limited WAF coverage or patch cadence.
Detection ideas
- Look for repeated SQL syntax errors or database error messages in application logs and HTTP responses.
- Monitor for unusual patterns in requests to the usn parameter.
- Elevated DB query latency and abnormal data retrieval attempts.
- WAF alerts for SQLi patterns targeting index.php.
- Sudden spikes in failed login or data access events.
Mitigation and prioritisation
- Apply any available patch or upgrade to a fixed version immediately.
- Enforce parameterized queries and rigorous input validation; disable verbose error messages.
- Implement WAF/IPS rules tuned for SQL injection; enforce least-privilege DB accounts.
- Schedule a rapid change window and verify backups before deployment.
- If the CVE were listed in KEV or had an EPSS score ≥ 0.5, treat it as priority 1; without those indicators, maintain high-priority remediation and monitoring.
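To make the parameterized-query and error-handling mitigations concrete, here is an added example (not code from Online Exam Form Submission or SourceCodester): a hypothetical lookup by `usn` of the kind a handler like index.php might perform, first with the vulnerable string-interpolation pattern, then hardened with a PDO prepared statement, an input format check, and errors logged server-side instead of echoed to the client. The table name `exam_forms`, the `usn` format, the account name and the connection string are assumptions.

```php
<?php
// Added example, not code from Online Exam Form Submission.
// Table/column names (exam_forms, usn) and the usn format are assumptions.

// BEFORE (vulnerable pattern): user input is interpolated into the SQL text,
// so a crafted usn value changes the query structure instead of being data.
function find_form_vulnerable(PDO $db, string $usn): ?array {
    $sql = "SELECT * FROM exam_forms WHERE usn = '$usn'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// AFTER (hardened): validate the shape of usn, bind it as a parameter so the
// driver sends it as data, and never surface raw database errors to the client.
function find_form_safe(PDO $db, string $usn): ?array {
    // Assumed format: 1-20 alphanumeric characters; reject anything else early.
    if (!preg_match('/^[A-Za-z0-9]{1,20}$/', $usn)) {
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM exam_forms WHERE usn = :usn LIMIT 1');
    $stmt->bindValue(':usn', $usn, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Connection: exceptions on error, real server-side prepared statements (no
// client-side emulation), and a least-privilege account (placeholder name).
function open_db(): PDO {
    return new PDO(
        'mysql:host=127.0.0.1;dbname=exam;charset=utf8mb4',   // assumed DSN
        'exam_app',                                           // placeholder account
        getenv('EXAM_DB_PASS') ?: '',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
}

// Handler: verbose errors go to the server log, the client gets a generic message.
try {
    $row = find_form_safe(open_db(), $_GET['usn'] ?? '');
    header('Content-Type: application/json');
    echo json_encode($row ?? ['error' => 'not found']);
} catch (PDOException $e) {
    error_log('exam form lookup failed: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'internal error']);
}
```

The database account should be granted only the SELECT/INSERT/UPDATE rights the form actually needs, so that even a successful injection elsewhere cannot read or alter unrelated tables.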