CVE-2025-8985

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Published: Aug 15, 2025
Updated: Aug 19, 2025
CVE: CVE-2025-8985
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-74
CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
unyasoft / covid19_testing_management_system	1.0	1.0.x

https://github.com/zhuyi-hz/cve/issues/6
https://vuldb.com/?ctiid.319981
https://vuldb.com/?id.319981
https://vuldb.com/?submit.628662
https://www.sourcecodester.com/

Vulnerability Database

CVE-2025-8985

Deep Security Visibility Without the Complexity