SQL Injection Vulnerability in Exam Form Submission by Code-Projects
CVE-2025-8326

9.8CRITICAL

Key Information:

Vendor

Code-Projects

Status
Exam Form Submission
Vendor
CVE Published:
30 July 2025

What is CVE-2025-8326?

A critical vulnerability has been identified in the Exam Form Submission product by Code-Projects due to improper handling of user input in the /admin/delete_s7.php file. The vulnerability allows attackers to manipulate the ID argument, leading to SQL injection attacks that can be executed remotely. Successful exploitation may result in unauthorized access to sensitive data or database manipulation, exposing the application to significant security risks. The exploit has been disclosed publicly, highlighting the urgency for affected users to implement security measures.

References

https://github.com/vullis0/cve/issues/1
https://vuldb.com/?ctiid.318276
https://vuldb.com/?id.318276

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.