CVE-2025-11736 MEDIUM

CVE-2025-11736: itsourcecode Online Examination System index.php sql injection

Vendor Itsourcecode
Product Online Examination System
Weakness CWE-89 · SQLi
Published October 14, 2025
Last update October 14, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A flaw has been found in itsourcecode Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

Key dates

02Disclosure timeline

October 14, 2025 CVE published
October 14, 2025 Record updated