CVE Alert: CVE-2025-10800 – itsourcecode – Online Discussion Forum
CVE-2025-10800
A weakness has been identified in itsourcecode Online Discussion Forum 1.0. The impacted element is an unknown function of the file /index.php. Manipulating the email/password argument can lead to SQL injection. The attack can be executed remotely. The exploit has been made public and could be used in attacks.
AI Summary Analysis
Risk verdict
High risk due to remote SQL injection with publicly available PoC; warrants urgent attention, though exploitation status beyond PoC is not confirmed.
Why this matters
Attacker capability to query the backend database could reveal sensitive data or undermine content integrity, with potential for additional web application abuse. Public exposure increases the probability of automated probing and mass attempts, impacting confidentiality and availability of the forum data.
Most likely attack path
Attacker can exploit via the index.php endpoint without authentication, using crafted input in the email/password fields over the network. Low attack complexity with no user interaction required means automated scanners could trigger injections on exposed instances; limited impact indicators suggest data access rather than full system takeover, but successful queries can seed further abuse within the app.
Who is most exposed
Publicly reachable installations of itsourcecode Online Discussion Forum 1.0 are at greatest risk, especially sites running default configurations or unpatched code on internet-facing servers in typical LAMP-type deployments.
Detection ideas
- Web server or application logs showing anomalous patterns in the email/password parameters (e.g. UNION/SELECT payloads).
- Database error messages or latency spikes linked to injection attempts.
- Unusual authentication or data-access patterns from external IPs.
- Signatures or indicators from PoC assets in network traffic or payloads.
- WAF alerts triggered by SQLi-like payloads.
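A minimal triage script for the first detection idea above, added here as an example and not part of the original alert. It assumes a JSON-lines request log that records the login form fields URL-encoded as received (a plain access log does not carry POST bodies); the sample records and the indicator patterns are constructed for illustration and should be tuned to the deployment.

```python
import json
import re
from urllib.parse import unquote_plus

# Constructed sample of a JSON-lines request log (not real data) for the
# forum login handled by /index.php. Assumes the log stores form fields
# URL-encoded as received; stock access logs do not capture POST bodies.
SAMPLE_LOG = """\
{"ts":"2025-09-21T10:00:01Z","src":"198.51.100.7","path":"/index.php","params":{"email":"alice%40example.org","password":"correct-horse"}}
{"ts":"2025-09-21T10:00:09Z","src":"203.0.113.5","path":"/index.php","params":{"email":"x%27+OR+%271%27%3D%271","password":"x"}}
{"ts":"2025-09-21T10:00:12Z","src":"203.0.113.5","path":"/index.php","params":{"email":"x%27+UNION+SELECT+1%2C2%2C3--+","password":"x"}}
{"ts":"2025-09-21T10:00:30Z","src":"198.51.100.9","path":"/about.php","params":{}}
"""

WATCHED_PARAMS = ("email", "password")  # the arguments named in the advisory

# Named indicators so each alert states which pattern fired. Values are
# URL-decoded before matching so encoded quotes and spaces do not evade.
INDICATORS = [
    ("union_select", re.compile(r"\bunion\b[\s/*]+(all[\s/*]+)?select\b", re.I)),
    ("quote_tautology", re.compile(r"['\"]\s*or\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+", re.I)),
    ("comment_terminator", re.compile(r"--|/\*")),  # '#' omitted: common in real passwords
    ("stacked_query", re.compile(r";\s*(drop|insert|update|delete|select)\b", re.I)),
]

def classify_value(value: str) -> list:
    """Return the indicator names matching one URL-encoded parameter value."""
    decoded = unquote_plus(value)
    return [name for name, rx in INDICATORS if rx.search(decoded)]

def scan_log(text: str) -> list:
    """Parse JSON-lines records and return one alert per suspicious request."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("path") != "/index.php":
            continue  # only the endpoint named in the advisory is of interest
        hits = {name: found for name in WATCHED_PARAMS
                if (found := classify_value(rec.get("params", {}).get(name, "")))}
        if hits:
            alerts.append({"ts": rec["ts"], "src": rec["src"], "hits": hits})
    return alerts

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

Repeated alerts from one source, as in the sample, are the pattern to escalate; a single hit on the comment or tautology rule can still be a legitimate odd password.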
Mitigation and prioritisation
- Apply vendor patch or upgrade to non-affected versions; prioritise patch window.
- Enforce parameterised queries and input validation; disable dynamic query construction.
- Harden inputs at the application layer; implement prepared statements and ORM safeguards.
- Deploy or tune WAF rules to block SQLi patterns; suppress verbose DB error messages.
- Change management: test in staging, keep a rollback plan, and monitor post-deployment telemetry for exfiltration attempts.