CVE-2025-8987 is a SQL Injection vulnerability identified in SourceCodester COVID 19 Testing Management System version 1.0. The vulnerability exists in the /test-details.php file, specifically through the manipulation of the 'remark' parameter. An attacker can remotely exploit this vulnerability without requiring authentication or user interaction. By injecting malicious SQL code into the 'remark' parameter, an attacker could manipulate backend database queries, potentially leading to unauthorized data access, data modification, or even deletion. The vulnerability has a CVSS 4.0 base score of 6.9, indicating a medium severity level. The attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact on confidentiality, integrity, and availability is rated as low, suggesting limited but non-negligible damage potential. The vulnerability scope is unchanged, meaning the exploit affects only the vulnerable component without impacting other system components. Although no public exploits are currently known in the wild, the exploit details have been disclosed publicly, increasing the risk of exploitation. Given that the affected product is a COVID-19 testing management system, the data involved likely includes sensitive health information, which raises privacy and regulatory concerns. The vulnerability could be leveraged to extract or alter patient testing data, undermining trust in health services and potentially violating data protection regulations such as GDPR.

For European organizations, the impact of this vulnerability is significant due to the sensitive nature of health-related data managed by COVID-19 testing systems. Unauthorized access or manipulation of test results could lead to misinformation, affecting public health decisions and individual patient care. Additionally, data breaches involving personal health information could result in severe legal and financial penalties under GDPR. The integrity of testing data is critical for epidemiological tracking and public health responses; thus, exploitation could disrupt these efforts. Furthermore, exploitation could damage the reputation of healthcare providers and associated organizations. Since the vulnerability allows remote exploitation without authentication, attackers could target multiple organizations, including hospitals, clinics, and government health agencies across Europe. The medium severity rating suggests that while the vulnerability is not the most critical, it still poses a tangible risk that must be addressed promptly to prevent potential data breaches and service disruptions.

1. Immediate patching or upgrading to a version of the SourceCodester COVID 19 Testing Management System that addresses this vulnerability is the most effective mitigation. If no patch is available, organizations should consider disabling or restricting access to the vulnerable /test-details.php endpoint. 2. Implement input validation and parameterized queries or prepared statements in the application code to prevent SQL injection attacks. 3. Employ Web Application Firewalls (WAFs) configured to detect and block SQL injection attempts targeting the 'remark' parameter. 4. Conduct thorough security audits and penetration testing focused on SQL injection vulnerabilities in all web-facing applications, especially those handling sensitive health data. 5. Monitor logs for unusual database query patterns or repeated access attempts to the vulnerable endpoint to detect potential exploitation attempts early. 6. Restrict network access to the application to trusted IP ranges where possible, reducing the attack surface. 7. Educate developers and IT staff on secure coding practices and the importance of sanitizing user inputs. 8. Ensure regular backups of critical data to enable recovery in case of data tampering or loss.