CVE-2025-10407

A vulnerability was identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_user.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
References
Link Resource
https://github.com/qcycop0101-hash/CVE/issues/3 Exploit Issue Tracking Third Party Advisory
https://vuldb.com/?ctiid.323841 Permissions Required VDB Entry
https://vuldb.com/?id.323841 Third Party Advisory VDB Entry
https://vuldb.com/?submit.646909 Third Party Advisory VDB Entry
https://www.sourcecodester.com/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:student_grading_system:1.0:*:*:*:*:*:*:*

History

18 Sep 2025, 20:28

Type Values Removed Values Added
CPE cpe:2.3:a:razormist:student_grading_system:1.0:*:*:*:*:*:*:* cpe:2.3:a:oretnom23:student_grading_system:1.0:*:*:*:*:*:*:*
First Time Oretnom23
Oretnom23 student Grading System

17 Sep 2025, 16:55

Type Values Removed Values Added
CPE cpe:2.3:a:razormist:student_grading_system:1.0:*:*:*:*:*:*:*
First Time Razormist student Grading System
Razormist
References () https://github.com/qcycop0101-hash/CVE/issues/3 - () https://github.com/qcycop0101-hash/CVE/issues/3 - Exploit, Issue Tracking, Third Party Advisory
References () https://vuldb.com/?ctiid.323841 - () https://vuldb.com/?ctiid.323841 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.323841 - () https://vuldb.com/?id.323841 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.646909 - () https://vuldb.com/?submit.646909 - Third Party Advisory, VDB Entry
References () https://www.sourcecodester.com/ - () https://www.sourcecodester.com/ - Product

14 Sep 2025, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-09-14 20:15

Updated : 2025-09-18 20:28


NVD link : CVE-2025-10407

Mitre link : CVE-2025-10407

CVE.ORG link : CVE-2025-10407


JSON object : View

Products Affected

oretnom23

  • student_grading_system
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')