CVE Alert: CVE-2025-10600 – SourceCodester – Online Exam Form Submission
CVE-2025-10600
A flaw has been found in SourceCodester Online Exam Form Submission 1.0. It affects an unknown function of the file /register.php. Manipulation of the argument img leads to unrestricted file upload. The attack can be launched remotely. A public exploit is available and may be used.
AI Summary Analysis
Risk verdict
High risk: a public exploit exists, and an unauthenticated remote upload through the registration form can lead to remote code execution or data compromise.
Why this matters
Unrestricted file upload in a public web form lets an attacker write arbitrary content onto the server. If the web server will execute what was written (for example a .php file stored under a web-served directory), that is remote code execution; even if it will not, the attacker can host arbitrary content on the victim's domain. In education-focused deployments a compromised host exposes student data, exam materials and institutional credentials, with reputational and compliance consequences.
Most likely attack path
A remote attacker submits a crafted multipart request to register.php, a registration endpoint that needs no authentication, with a script file in the img field instead of an image. No user interaction or privileges are required. If the upload is stored under the web root with its client-supplied name or extension, the attacker then requests the file and the server executes it, giving a foothold as the web server user. How far that goes depends on how uploads are stored and served: code that is executed expands the foothold to the host; content that is only ever returned as a static asset limits the impact to hosting attacker-controlled files.
Who is most exposed
Publicly reachable deployments of this PHP application, typically educational portals on low-to-mid tier shared hosting; installations without strict server-side upload validation, with the upload directory under the web root, or with script execution permitted in that directory are especially at risk.
Detection ideas
- Access logs show POST requests to /register.php from unexpected clients or scripted user agents, or with unusually large request bodies; the img field itself is in the multipart body, so inspecting it requires request-body logging or a WAF
- New files in the upload directory with script extensions (.php, .phtml, .phar) or double extensions such as photo.php.jpg, or files whose content does not decode as an image
- Requests for non-image files under the upload path, the web server executing scripts from that directory, or MIME-type anomalies on served uploads
- Sudden spikes in registration submissions or in file creation under the upload path
- Indicators from CTI feeds (IOB/IOA) tied to this CVE
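The following audit script is an added example (not code from the advisory or from the SourceCodester application) that turns the detection ideas above into checks a responder can run on the host: it flags files in the upload directory that are not plain images, and it extracts POSTs to /register.php and requests for non-image files under the upload path from combined-format access-log lines. The upload directory name /uploads/ and the sample log lines are assumptions constructed for the example; PHP 8 with the GD or fileinfo functions available is assumed.

```php
<?php
// upload_audit.php: added example, not code from the advisory or from the
// SourceCodester application. Audits an upload directory for files that are not
// the images a registration form should accept, and pulls register.php POSTs and
// requests for non-image files under the upload path out of access-log lines.
// The upload directory name '/uploads/' and the paths below are assumptions.
declare(strict_types=1);

const IMAGE_EXT  = ['jpg', 'jpeg', 'png', 'gif'];
const IMAGE_MIME = ['image/jpeg', 'image/png', 'image/gif'];
const UPLOAD_URL = '/uploads/';   // assumed URL prefix of the upload directory

/** Findings for one stored file; an empty array means it looks like a plain image. */
function auditFile(string $path): array
{
    $findings = [];
    $name = basename($path);
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));

    if (!in_array($ext, IMAGE_EXT, true)) {
        $findings[] = "unexpected extension '$ext'";
    }
    // shell.php.jpg style names: a PHP-executable suffix followed by another dot
    if (preg_match('/\.(php\d?|phtml|phar)\./i', $name)) {
        $findings[] = 'double extension with a PHP-executable suffix';
    }
    // Header check independent of the name; false for anything that is not an image
    $info = @getimagesize($path);
    if ($info === false || !in_array($info['mime'], IMAGE_MIME, true)) {
        $findings[] = 'content does not decode as JPEG/PNG/GIF';
    }
    // Polyglots: a valid image header with PHP code appended or hidden in metadata
    $body = @file_get_contents($path);
    if ($body !== false && preg_match('/<\?(php|=)/i', $body)) {
        $findings[] = 'contains a PHP open tag';
    }
    return $findings;
}

/** Map of path => findings for every flagged file directly under $dir. */
function auditDirectory(string $dir): array
{
    $report = [];
    foreach (glob(rtrim($dir, '/') . '/*') ?: [] as $file) {
        if (is_file($file) && ($f = auditFile($file)) !== []) {
            $report[$file] = $f;
        }
    }
    return $report;
}

/**
 * Scan combined-format access-log lines. Returns
 *   'register_posts'  => client IP => list of response codes for POST /register.php
 *   'script_requests' => log lines that request a non-image file under UPLOAD_URL
 * The access log carries only the request line and the response size; the img
 * field is in the multipart body, so its content needs request-body logging or a WAF.
 */
function scanAccessLog(iterable $lines): array
{
    $out = ['register_posts' => [], 'script_requests' => []];
    $re  = '/^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) [^"]*" (\d{3}) /';
    foreach ($lines as $line) {
        if (!preg_match($re, $line, $m)) {
            continue;
        }
        [, $ip, $method, $target, $status] = $m;
        $path = parse_url($target, PHP_URL_PATH) ?? $target;
        if ($method === 'POST' && $path === '/register.php') {
            $out['register_posts'][$ip][] = (int) $status;
        }
        if (str_starts_with($path, UPLOAD_URL)) {
            $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
            if (!in_array($ext, IMAGE_EXT, true)) {
                $out['script_requests'][] = $line;
            }
        }
    }
    return $out;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample log lines for a local run; read the real access log in practice.
    $sample = [
        '198.51.100.4 - - [22/Sep/2025:09:58:41 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
        '203.0.113.7 - - [22/Sep/2025:10:01:09 +0000] "POST /register.php HTTP/1.1" 302 0 "-" "python-requests/2.32"',
        '203.0.113.7 - - [22/Sep/2025:10:01:10 +0000] "GET /uploads/a1b2.php HTTP/1.1" 200 87 "-" "python-requests/2.32"',
        '198.51.100.4 - - [22/Sep/2025:10:02:00 +0000] "GET /uploads/photo.jpg HTTP/1.1" 200 40211 "-" "Mozilla/5.0"',
    ];
    print_r(scanAccessLog($sample));
    // Upload directory to audit: first CLI argument, else ./uploads (assumption).
    print_r(auditDirectory($argv[1] ?? __DIR__ . '/uploads'));
}
```

Run it as `php upload_audit.php /path/to/uploads` on the web host. On the constructed sample the second and third lines are flagged: one POST to /register.php from 203.0.113.7 followed by a request for a .php file under the upload path from the same client, which is the sequence to look for when triaging this CVE. The file audit is deliberately name-independent, so a script renamed to .jpg is still caught by the image-header and PHP-tag checks.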
Mitigation and prioritisation
- Apply the vendor patch or upgrade to an unaffected version, if one exists; verify that a fixed release is actually available before relying on it.
- Enforce server-side validation of uploads: allow-list extensions and content-derived MIME types, and never trust the client-supplied filename or Content-Type.
- Store uploads outside the web root, or disable script execution in the upload directory; assign server-generated filenames and enforce size and type limits.
- Add WAF rules for the endpoint and require authentication for uploads where the workflow allows it.
- Monitor and alert on the indicators above; rotate credentials on the host if compromise is suspected; pentest periodically.
- If the CVE is listed in CISA KEV or its EPSS score is ≥ 0.5, treat it as priority 1.
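The upload-handling items above describe one procedure: validate by content, rename server-side, store outside the web root, serve as data. The code below is an added example of that procedure in PHP, not code from the advisory or from SourceCodester Online Exam Form Submission. The field name img is taken from the advisory; UPLOAD_DIR, the size limit and the download route are assumptions. PHP 8 with the fileinfo extension is assumed.

```php
<?php
// Hardened image upload handling: added example, not code from the advisory or
// from SourceCodester Online Exam Form Submission. The field name 'img' comes from
// the advisory; UPLOAD_DIR, the limits and the download route are assumptions.
// Requires PHP 8 with the fileinfo extension.
declare(strict_types=1);

// Outside the document root: the web server can neither serve nor execute files here.
const UPLOAD_DIR = '/var/app-data/exam-uploads';                 // assumption
const MAX_BYTES  = 2 * 1024 * 1024;                               // 2 MiB
// Content-detected MIME type => extension the server assigns. Nothing else is accepted.
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

final class UploadRejected extends RuntimeException {}

/**
 * Validate one $_FILES entry and store it under a server-chosen name.
 * Returns that name; the client's filename is never used for storage.
 */
function storeImage(array $file, string $dir = UPLOAD_DIR): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new UploadRejected('upload missing or failed');
    }
    if (($file['size'] ?? 0) > MAX_BYTES) {
        throw new UploadRejected('file too large');
    }
    // Rejects a forged tmp_name that points at an arbitrary file on the host.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new UploadRejected('not an uploaded file');
    }

    // Type comes from content. $file['type'] is client-controlled and is ignored;
    // finfo and getimagesize must agree and the result must be in ALLOWED.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $img  = @getimagesize($file['tmp_name']);
    if ($img === false || $img['mime'] !== $mime || !isset(ALLOWED[$mime])) {
        throw new UploadRejected('not an accepted image type');
    }

    // The client name is only used to refuse obvious mismatches (photo.php, photo.php.jpg).
    $clientName = (string) ($file['name'] ?? '');
    $clientExt  = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($clientExt, ['jpg', 'jpeg', 'png', 'gif'], true)
        || preg_match('/\.(php\d?|phtml|phar)(\.|$)/i', $clientName)) {
        throw new UploadRejected('file name not allowed');
    }

    // Random name plus an extension derived from the detected type: no traversal,
    // no double extensions, no collisions, nothing attacker-chosen in the path.
    $stored = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        throw new RuntimeException('cannot create upload directory');
    }
    $dest = $dir . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('cannot store upload');
    }
    chmod($dest, 0640);   // readable by the application, never executable
    return $stored;
}

/**
 * Return a stored image to the browser. Because the directory is outside the web
 * root this is the only route to the file, and it is sent as data with a fixed
 * Content-Type, never handed to the PHP engine.
 */
function serveImage(string $stored, string $dir = UPLOAD_DIR): void
{
    // Only names storeImage() can produce; anything else (../, .php, ...) is a 404.
    if (!preg_match('/^[a-f0-9]{32}\.(jpg|png|gif)$/', $stored) || !is_file("$dir/$stored")) {
        http_response_code(404);
        return;
    }
    $ext = pathinfo($stored, PATHINFO_EXTENSION);
    header('Content-Type: ' . array_flip(ALLOWED)[$ext]);
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: inline; filename="' . $stored . '"');
    readfile("$dir/$stored");
}

// Usage in register.php (field name from the advisory; the rest is an assumption):
//   try {
//       $stored = storeImage($_FILES['img'] ?? []);
//   } catch (UploadRejected $e) {
//       http_response_code(400);
//       exit('Upload rejected: ' . htmlspecialchars($e->getMessage()));
//   }
// The registration record keeps $stored, and a separate image route calls serveImage().
```

Two caveats a practitioner should keep in mind. First, the content checks reduce the attack surface but do not defeat polyglots: a file that begins with a valid GIF or JPEG header and carries PHP code after it passes both finfo and getimagesize, which is why the decisive controls are the storage location outside the web root and the fixed-Content-Type download route, not the validation; re-encoding the image with GD (imagecreatefromstring followed by imagejpeg or imagepng) is an optional extra that strips appended payloads at the cost of metadata. Second, if an existing deployment cannot move the upload directory, disable script execution there at the web server instead: with Apache and mod_php a `<Directory>` block for the upload path with `php_admin_flag engine off`, or with nginx a prefix location for the upload path containing a nested `location ~ \.(php|phtml|phar)$ { return 403; }`; the exact directive depends on the SAPI in use, so verify it by requesting a test .php file in that directory and confirming it is not executed.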