CVE-2025-12929

CWE-74 CWE-89 — SQL Injection3 documents3 sources

Severity

6.9MEDIUM

EPSS

0.0%

top 94.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Survey Application System Oretnom23 Survey Application System

Timeline

PublishedNov 10

Description

A flaw has been found in SourceCodester Survey Application System 1.0. This impacts the function save_user/update_user of the file /LoginRegistration.php. Executing manipulation of the argument fullname can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. Other parameters might be affected as well.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5sourcecodester/survey_application_system1.0

▶NVDoretnom23/survey_application_system1.0

🔴Vulnerability Details

CVEList

SourceCodester Survey Application System LoginRegistration.php update_user sql injection↗2025-11-10

▶

GHSA

GHSA-6q89-p8ww-gjxm: A flaw has been found in SourceCodester Survey Application System 1↗2025-11-10

▶