CVE-2025-10482 is a SQL Injection vulnerability identified in version 1.0 of the SourceCodester Online Student File Management System. The vulnerability exists in the /admin/index.php file, specifically through the manipulation of the 'Username' parameter. This flaw allows an unauthenticated remote attacker to inject malicious SQL code into the backend database queries. The injection can lead to unauthorized data access, data modification, or potentially full database compromise. The vulnerability does not require any authentication or user interaction, making it easier to exploit remotely over the network. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the network attack vector, low attack complexity, no privileges or user interaction needed, but limited impact on confidentiality, integrity, and availability. Although no known exploits are currently observed in the wild, a public exploit is available, increasing the risk of exploitation. The vulnerability affects only version 1.0 of the product, which is a niche student file management system typically used by educational institutions to manage student documents and records.

For European organizations, particularly educational institutions using this specific SourceCodester system, the impact could be significant. Exploitation could lead to unauthorized disclosure of sensitive student information, including personal data and academic records, violating GDPR and other privacy regulations. Data integrity could also be compromised, affecting the reliability of student records. Availability impacts are possible if attackers manipulate or delete database contents, disrupting administrative operations. Given the educational sector's critical role and regulatory environment in Europe, such breaches could result in reputational damage, legal penalties, and operational disruptions. However, the limited market penetration of this specific product and the medium severity rating somewhat reduce the overall risk to the broader European education sector.

Organizations should immediately identify if they use SourceCodester Online Student File Management System version 1.0. If so, they should restrict access to the /admin/index.php interface to trusted IP addresses or internal networks only, using network segmentation and firewall rules. Input validation and parameterized queries should be implemented or verified in the application code to prevent SQL injection. If vendor patches or updates become available, prompt application is critical. In the absence of patches, consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection attempts targeting the Username parameter. Regular security audits and database monitoring for unusual queries or access patterns can help detect exploitation attempts early. Additionally, ensure backups of critical data are maintained securely to enable recovery in case of data tampering or loss.