CVE-2025-10602 is a medium-severity SQL Injection vulnerability identified in SourceCodester Online Exam Form Submission version 1.0. The vulnerability exists in the /admin/delete_s1.php script, where the 'ID' parameter is improperly sanitized or validated, allowing an attacker to manipulate the SQL query executed on the backend database. This flaw enables remote attackers to inject arbitrary SQL commands without requiring authentication or user interaction, potentially leading to unauthorized data access, modification, or deletion. The vulnerability is exploitable over the network (attack vector: network), with low attack complexity and no privileges required, indicating that any remote attacker can exploit it without prior access. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P) reflects partial impacts on confidentiality, integrity, and availability, with no scope change and no security controls bypassed. Although no known exploits are currently observed in the wild, public proof-of-concept code is available, increasing the risk of exploitation. The vulnerability affects a niche web application used for online exam form submissions, which may be deployed in educational institutions or training centers to manage exam registrations and administration. The lack of patches or official remediation guidance increases the urgency for affected organizations to implement mitigations.

For European organizations, especially educational institutions, training centers, and certification bodies using SourceCodester Online Exam Form Submission 1.0, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access to sensitive student or candidate data, manipulation or deletion of exam records, and disruption of exam administration processes. This could result in data breaches violating GDPR requirements, reputational damage, and operational downtime during critical exam periods. The ability to remotely exploit the vulnerability without authentication increases the attack surface, potentially allowing attackers to compromise multiple systems within an institution. Additionally, attackers could leverage the SQL injection to escalate privileges or pivot to other internal systems, amplifying the impact. Given the medium severity and partial impact on confidentiality, integrity, and availability, organizations must prioritize addressing this vulnerability to maintain compliance and operational continuity.

1. Immediate mitigation should include restricting access to the /admin/delete_s1.php endpoint via network-level controls such as IP whitelisting or VPN-only access to limit exposure to trusted administrators. 2. Implement Web Application Firewall (WAF) rules specifically targeting SQL injection patterns on the 'ID' parameter to block malicious payloads. 3. Conduct thorough input validation and parameterized queries or prepared statements in the application code to prevent SQL injection. Since no official patches are currently available, organizations should consider code review and manual remediation of the vulnerable script. 4. Monitor logs for suspicious activities targeting the vulnerable endpoint, including unusual query patterns or repeated access attempts. 5. Educate administrative users on the risks and encourage strong authentication mechanisms, even though the vulnerability does not require authentication, to reduce overall risk. 6. Plan for an upgrade or migration to a more secure and actively maintained exam management system to eliminate reliance on vulnerable software. 7. Regularly back up critical data and test restoration procedures to mitigate potential data loss from exploitation.