SQL Injection Vulnerability in SourceCodester Simple Forum Discussion System
CVE-2025-10790

5.3MEDIUM

Key Information:

Vendor: Sourcecodester
Status: Simple Forum Discussion System
Vendor: CVE Published:; 22 September 2025

🔔 Create Sourcecodester Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-10790?

A security flaw in SourceCodester Simple Forum Discussion System 1.0 has been identified, where improper handling of the 'Description' parameter in the '/ajax.php?action=save_category' function can lead to SQL injection attacks. This flaw enables an attacker to manipulate database queries through unsanitized input, allowing for unauthorized data access and modifications. The vulnerability is critical as it can be remotely exploited, putting the system at risk if unaddressed. Users are advised to implement necessary security measures and patches to remediate this issue.

Affected Version(s)

Simple Forum Discussion System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-10790 - Proof of Concept