
CVE-2025-10082: SQL Injection in SourceCodester Online Polling System

Medium
Published: Mon Sep 08 2025 (09/08/2025, 04:02:06 UTC)
Source: CVE Database V5
Vendor/Project: SourceCodester
Product: Online Polling System

Description

A vulnerability has been found in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/manage-admins.php. Manipulation of the argument email leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 09/08/2025, 06:23:46 UTC

Technical Analysis

CVE-2025-10082 is a SQL injection vulnerability identified in SourceCodester Online Polling System version 1.0. The vulnerability exists in an unspecified function within the /admin/manage-admins.php file, where the 'email' parameter is improperly sanitized, allowing an attacker to inject malicious SQL code. The flaw is remotely exploitable without authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/AT:N/PR:N/UI:N). The vector rates the impact on confidentiality, integrity, and availability as low (VC:L/VI:L/VA:L), so successful exploitation would partially compromise the underlying database rather than fully take it over. The vulnerability is publicly disclosed, but there are no known exploits in the wild at this time. The CVSS 4.0 base score is 6.9, categorizing it as a medium severity issue. The attack surface is limited to the affected version 1.0 of the SourceCodester Online Polling System, which is typically used for managing online polls and voting processes. Given the nature of the vulnerability, an attacker could manipulate the SQL queries to extract sensitive data, modify administrative records, or disrupt polling operations, potentially undermining the trustworthiness of polling results and administrative control.

Potential Impact

For European organizations using SourceCodester Online Polling System 1.0, this vulnerability poses a significant risk to the integrity and confidentiality of polling data and administrative controls. Exploitation could lead to unauthorized access to sensitive user or administrative information, manipulation of poll outcomes, or denial of service through database corruption. This could damage organizational reputation, violate data protection regulations such as GDPR, and disrupt decision-making processes reliant on polling data. Public sector entities, political organizations, and private companies conducting online polls in Europe could face operational and legal consequences if this vulnerability is exploited. Although the severity rating is medium, the vulnerability requires no authentication and no user interaction, which increases the risk of automated attacks against exposed systems.

Mitigation Recommendations

To mitigate this vulnerability, organizations should immediately upgrade to a patched version of the SourceCodester Online Polling System once available. In the absence of an official patch, administrators should implement input validation and parameterized queries or prepared statements for all database interactions involving user-supplied input, particularly the 'email' parameter in /admin/manage-admins.php. Web application firewalls (WAFs) can be configured to detect and block SQL injection attempts targeting this endpoint. Additionally, organizations should conduct thorough code reviews and security testing to identify and remediate similar injection flaws. Monitoring database logs for unusual queries and implementing least privilege principles for database access can reduce potential damage. Finally, restricting access to the administrative interface via IP whitelisting or VPNs can limit exposure to remote attackers.
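As an added illustration (not code from the advisory or from the SourceCodester project), the following Python model contrasts an admin lookup built by string concatenation, the defect class described above, with input validation plus a parameterized query. The admins table, its columns and the sample rows are constructed assumptions, since the page does not publish the application's schema.

```python
import re
import sqlite3

# Constructed stand-in for the admins table; the real schema behind
# manage-admins.php is not published on the advisory page.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (id INTEGER PRIMARY KEY, email TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO admins (email, role) VALUES (?, ?)",
        [("alice@example.org", "owner"), ("bob@example.org", "editor")],
    )
    return conn

def lookup_admin_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    # Concatenation: the 'email' value becomes part of the SQL text, so a
    # quote inside it changes the query structure instead of being data.
    sql = "SELECT id, email, role FROM admins WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()

def lookup_admin_safe(conn: sqlite3.Connection, email: str) -> list:
    # Parameterized query: the driver binds the value separately from the
    # statement, so the query structure is fixed whatever the input contains.
    sql = "SELECT id, email, role FROM admins WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()

# Allow-list check for the expected shape of the parameter; a second layer
# that rejects obviously malformed input before it reaches the database.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

def validate_email(email: str) -> bool:
    return EMAIL_RE.fullmatch(email) is not None

if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"          # constructed test value, not a real request
    print("vulnerable:", lookup_admin_vulnerable(conn, crafted))  # both rows leak
    print("parameterized:", lookup_admin_safe(conn, crafted))     # no rows
    print("passes validation:", validate_email(crafted))          # False
```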


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-09-07T18:30:52.523Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68be7635d5a2966cfc7c35a6

Added to database: 9/8/2025, 6:22:45 AM

Last enriched: 9/8/2025, 6:23:46 AM

Last updated: 9/9/2025, 9:12:28 PM
