CVE-2025-10596: SQL Injection in SourceCodester Online Exam Form Submission
A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument usn results in SQL injection. The attack can be launched remotely. The exploit has been made public and could be used.
AI Analysis
Technical Summary
CVE-2025-10596 is a SQL Injection vulnerability identified in SourceCodester Online Exam Form Submission version 1.0. The vulnerability resides in the /index.php file, specifically in the handling of the 'usn' parameter. An attacker can manipulate this parameter to inject SQL syntax that the backend database executes. This flaw allows remote exploitation without requiring authentication or user interaction, making it reachable by any attacker with network access to the vulnerable application. The vulnerability has a CVSS 4.0 base score of 6.9, indicating a medium severity level. The attack vector is network-based with low attack complexity and no privileges or user interaction required. The impact on confidentiality, integrity, and availability is limited but present: the vulnerability could allow partial data disclosure, modification, or deletion depending on the database permissions and application logic. Although no exploitation in the wild is currently known, exploit code has been made public, which increases the risk of exploitation. The vulnerability affects only version 1.0 of the product, and no official patches or mitigations have been published yet. SourceCodester Online Exam Form Submission is a web-based application used for managing online exam registrations and submissions, which typically involves sensitive student data and exam-related information.
Potential Impact
For European organizations, especially educational institutions and training providers using SourceCodester Online Exam Form Submission 1.0, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access to student personal data, exam results, and registration details, potentially violating GDPR requirements for data protection and privacy. Data integrity could be compromised, affecting the reliability of exam records and results. Additionally, attackers might disrupt exam processes by modifying or deleting data, impacting availability and operational continuity. The medium severity rating suggests that while the vulnerability is not critical, it still represents a meaningful threat vector that could be leveraged for further attacks or data breaches. Given the sensitive nature of educational data and the regulatory environment in Europe, exploitation could result in legal penalties, reputational damage, and loss of trust among students and stakeholders.
Mitigation Recommendations
European organizations should immediately assess their exposure to SourceCodester Online Exam Form Submission version 1.0 and prioritize upgrading to a patched version once available. In the absence of an official patch, organizations should implement input validation and use parameterized queries or prepared statements for the 'usn' parameter and any other user input that reaches the database, so that user-supplied values are bound as data rather than concatenated into SQL text. Web application firewalls (WAFs) should be configured to detect and block SQL injection attempts targeting the vulnerable parameter. Network segmentation and access controls should limit exposure of the application to trusted users and networks only. Regular security audits and penetration testing focused on injection flaws should be conducted. Additionally, monitoring and logging of database queries and web application activity can help detect exploitation attempts early. Organizations should also review and minimize database user privileges to reduce the impact of a successful injection attack. Finally, staff training on secure coding practices and awareness of injection vulnerabilities is recommended to prevent future occurrences.
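As an added illustration of the concatenation pattern behind this class of flaw and of the prepared-statement fix recommended above (not the application's actual source, which the advisory does not show; the table name, column names and USN format are assumptions):

```php
<?php
// Constructed example: a lookup on the user-supplied 'usn' parameter as it
// might appear in an index.php handler, shown in its injectable form and in
// the hardened form. Table 'students' and columns 'id', 'name', 'usn' are
// assumed for the illustration.

// Vulnerable pattern: the raw parameter is spliced into the SQL text, so any
// quote or SQL syntax inside $usn becomes part of the statement.
function findStudentUnsafe(mysqli $db, string $usn): ?array
{
    $sql = "SELECT id, name FROM students WHERE usn = '" . $usn . "'";
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// Hardened pattern: the value is sent to the server as a bound parameter and
// can only ever be compared as data, never parsed as SQL.
function findStudentSafe(mysqli $db, string $usn): ?array
{
    // Allow-list validation first (format assumed: 1-20 alphanumerics); this
    // rejects obviously malformed input before the database is touched.
    if (!preg_match('/^[A-Za-z0-9]{1,20}$/', $usn)) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, name FROM students WHERE usn = ?');
    if ($stmt === false) {
        return null; // prepare failed; do not fall back to string building
    }
    $stmt->bind_param('s', $usn);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Usage (connection values are placeholders):
// $db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'exam_db');
// $student = findStudentSafe($db, $_GET['usn'] ?? '');
```

Pairing the prepared statement with a least-privilege database account, as the recommendations note, limits what an injected query could reach even if another concatenation is missed elsewhere.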
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-17T06:22:19.893Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68cacea66b131705ffa8ffad
Added to database: 9/17/2025, 3:07:18 PM
Last enriched: 9/17/2025, 3:07:34 PM
Last updated: 9/17/2025, 3:16:44 PM
Related Threats
- CVE-2025-59304: n/a (Critical)
- CVE-2025-10601: SQL Injection in SourceCodester Online Exam Form Submission (Medium)
- CVE-2025-10600: Unrestricted Upload in SourceCodester Online Exam Form Submission (Medium)
- CVE-2025-10599: SQL Injection in itsourcecode Web-Based Internet Laboratory Management System (Medium)
- CVE-2025-10598: SQL Injection in SourceCodester Pet Grooming Management Software (Medium)