CVE-2025-8328 is a SQL Injection vulnerability identified in version 1.0 of the 'Exam Form Submission' application developed by code-projects. The vulnerability resides in the /register.php file, specifically in the handling of the 'USN' parameter. An attacker can manipulate this parameter to inject malicious SQL code, potentially allowing unauthorized access to or modification of the backend database. The vulnerability is exploitable remotely without requiring authentication or user interaction, increasing its risk profile. Although the CVSS 4.0 score is 6.9 (medium severity), the vulnerability is classified as critical in the description, indicating a significant risk if exploited. The attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact on confidentiality, integrity, and availability is low individually but combined could lead to moderate overall impact. The vulnerability affects an unknown functionality related to the USN parameter, and other parameters might also be vulnerable, suggesting a broader injection issue. No patches or fixes have been published yet, and no known exploits are currently in the wild, but public disclosure increases the risk of exploitation attempts.

For European organizations using the 'Exam Form Submission' application version 1.0, this vulnerability poses a significant risk to the confidentiality and integrity of sensitive data, such as student registration information. Successful exploitation could lead to unauthorized data access, data manipulation, or disruption of the registration process, impacting operational continuity and data privacy compliance (e.g., GDPR). Educational institutions and examination bodies relying on this software could face reputational damage and regulatory penalties if personal data is compromised. The remote and unauthenticated nature of the exploit increases the likelihood of attacks, especially in environments with internet-facing instances of the vulnerable application. Given the critical nature of exam-related data, any compromise could undermine trust in academic processes and lead to broader systemic issues.

Organizations should immediately conduct an inventory to identify any deployments of code-projects Exam Form Submission version 1.0. Until an official patch is released, implement the following mitigations: 1) Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the USN parameter and other input fields. 2) Apply input validation and sanitization on all user-supplied data, especially the USN parameter, to reject or properly escape malicious input. 3) Restrict network access to the /register.php endpoint to trusted IP ranges where feasible. 4) Monitor application logs and database queries for anomalous activity indicative of injection attempts. 5) Engage with the vendor or community to obtain patches or updates as soon as they become available. 6) Consider isolating or temporarily disabling the vulnerable functionality if it is not critical to operations. 7) Educate developers and administrators on secure coding practices to prevent similar vulnerabilities in future versions.