CVE-2025-8985 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2025-8985?

CVE-2025-8985 has a CVSS score of 7.3 (HIGH). This vulnerability allows remote attackers to execute SQL injection attacks via the 'mobilenumber' parameter in the /profile.php file of SourceCodester COVID 19 Testing Management System 1.0. Attackers can potentially access, modify, or delete database content without authentication. Organizations using this specific software version are affected.

📋 TL;DR

This vulnerability allows remote attackers to execute SQL injection attacks via the 'mobilenumber' parameter in the /profile.php file of SourceCodester COVID 19 Testing Management System 1.0. Attackers can potentially access, modify, or delete database content without authentication. Organizations using this specific software version are affected.

💻 Affected Systems

Products:

SourceCodester COVID 19 Testing Management System

Versions: 1.0

Operating Systems: Any OS running PHP/MySQL web server

Default Config Vulnerable: ⚠️ Yes

Notes: Requires PHP/MySQL environment. The vulnerability exists in the default installation.

📦 What is this software?

Covid19 Testing Management System by Unyasoft

View all CVEs affecting Covid19 Testing Management System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data destruction, authentication bypass, and potential remote code execution if database functions allow it.

🟠

Likely Case

Unauthorized data access and extraction of sensitive COVID testing information, patient records, and system credentials.

🟢

If Mitigated

Limited impact with proper input validation, WAF protection, and database permissions restricting query execution.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and public exploit details exist.

🏢 Internal Only: MEDIUM - Still significant risk if internal attackers exist, but attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available on GitHub. The vulnerability requires no authentication and has simple injection vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.sourcecodester.com/

Restart Required: No

Instructions:

No official patch available. Check vendor website for updates. Consider implementing workarounds or replacing the software.

🔧 Temporary Workarounds

Input Validation Filter

all

Add server-side validation to sanitize the mobilenumber parameter and other user inputs

// PHP example: filter_var($_POST['mobilenumber'], FILTER_SANITIZE_NUMBER_INT);
// Use prepared statements: $stmt = $pdo->prepare('SELECT * FROM users WHERE mobilenumber = ?'); $stmt->execute([$mobilenumber]);

Web Application Firewall Rules

all

Deploy WAF rules to block SQL injection patterns in HTTP requests

# ModSecurity example: SecRule ARGS "@detectSQLi" "id:1001,phase:2,deny,status:403"

🧯 If You Can't Patch

Isolate the system behind a reverse proxy with strict input filtering
Implement network segmentation to limit database access from the web server

🔍 How to Verify

Check if Vulnerable:

Test the /profile.php endpoint with SQL injection payloads in the mobilenumber parameter (e.g., ' OR '1'='1) and observe database errors or unexpected behavior.

Check Version:

Check the software version in the admin panel or review source code comments for version information.

Verify Fix Applied:

After implementing fixes, test with the same payloads and verify they are rejected or sanitized without database errors.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL error messages in web server logs
Multiple rapid requests to /profile.php with varying parameters
Requests containing SQL keywords (UNION, SELECT, INSERT) in mobilenumber parameter

Network Indicators:

Unusual database query patterns from web server IP
Outbound data exfiltration from database server

SIEM Query:

source="web_logs" AND uri="/profile.php" AND (mobilenumber="*UNION*" OR mobilenumber="*SELECT*" OR mobilenumber="*OR*1*" OR status>=500)

📊 Metadata

CVE ID: CVE-2025-8985

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-74

EPSS Score: 0.03% exploit probability (7.4th percentile)

Published: August 14, 2025

Last Updated: August 18, 2025

🔗 References

https://github.com/zhuyi-hz/cve/issues/6 Exploit,Issue Tracking,Third Party Advisory
https://vuldb.com/?ctiid.319981 Permissions Required,VDB Entry
https://vuldb.com/?id.319981 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.628662 Third Party Advisory,VDB Entry
https://www.sourcecodester.com/ Product
https://github.com/zhuyi-hz/cve/issues/6 Exploit,Issue Tracking,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-8985, you might also want to check these: