SQL Injection Vulnerability in Exam Form Submission by Code-Projects
CVE-2025-8250

6.9MEDIUM

Key Information:

Vendor: Code-projects
Status: Exam Form Submission
Vendor: CVE Published:; 28 July 2025

🔔 Create Code-projects Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-8250?

A SQL injection vulnerability was identified in the Exam Form Submission application by Code-Projects, specifically within the /admin/update_s4.php file. This vulnerability arises due to improper handling of the 'credits' argument, allowing remote attackers to exploit this weakness and manipulate database queries. The potential impact includes unauthorized data access and modification, posing significant risks to the integrity and confidentiality of the application’s data.

Affected Version(s)

Exam Form Submission 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-8250 - Proof of Concept