A security flaw has been discovered in itsourcecode Web-Based Internet Laboratory Management System 1.0. Impacted is the function User::AuthenticateUser of the file login.php. Performing manipulation of the argument user_email results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
Advisories
Source ID Title
EUVD EUVD EUVD-2025-29743 A security flaw has been discovered in itsourcecode Web-Based Internet Laboratory Management System 1.0. Impacted is the function User::AuthenticateUser of the file login.php. Performing manipulation of the argument user_email results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 22 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:itsourcecode:web-based_internet_laboratory_management_system:1.0:*:*:*:*:*:*:*

Thu, 18 Sep 2025 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Itsourcecode
Itsourcecode web-based Internet Laboratory Management System
Vendors & Products Itsourcecode
Itsourcecode web-based Internet Laboratory Management System

Wed, 17 Sep 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 17 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in itsourcecode Web-Based Internet Laboratory Management System 1.0. Impacted is the function User::AuthenticateUser of the file login.php. Performing manipulation of the argument user_email results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
Title itsourcecode Web-Based Internet Laboratory Management System login.php AuthenticateUser sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-09-17T16:19:20.211Z

Reserved: 2025-09-17T06:35:38.952Z

Link: CVE-2025-10599

cve-icon Vulnrichment

Updated: 2025-09-17T16:19:16.622Z

cve-icon NVD

Status : Analyzed

Published: 2025-09-17T16:15:34.747

Modified: 2025-09-22T15:02:33.920

Link: CVE-2025-10599

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-18T12:41:33Z