SQL Injection Vulnerability in Exam Form Submission by Code Projects
CVE-2025-8249

7.3HIGH

Key Information:

Vendor: Code Projects
Status: Exam Form Submission
Vendor: CVE Published:; 28 July 2025

🔔 Create Code Projects Vulnerability Alert

What is CVE-2025-8249?

A security flaw has been identified in the Exam Form Submission application version 1.0, specifically related to the processing of the /admin/update_s3.php file. This vulnerability stems from improper handling of the 'credits' argument, which allows attackers to execute unauthorized SQL queries and potentially compromise the database. The exploit can be initiated remotely, making it essential for users and administrators to apply necessary patches and monitor their systems for suspicious activities.

References

https://code-projects.org/

https://github.com/Dingzenggonpo/cve/issues/2

https://vuldb.com/?ctiid.317837

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025