Vulnerability Key Information

CVE ID: CVE-2025-12929
Vulnerability ID: VDB-331649, EUVD-2025-41749
Product: SourceCodester Survey Application System 1.0
File Affected: /loginRegistration.php
Vulnerable Function: save_user/update_user
Vulnerable Parameter: fullname
Vulnerability Type: SQL Injection
Severity: Critical
CVE Classification: CWE-89
Exploit Availability: Yes
Exploit Source: GitHub
Exploit Technique: ATT&CK T1505
Attack Vector: Remote
Authentication Required: No
Impact: Confidentiality, Integrity, and Availability

Summary

A critical SQL injection vulnerability has been found in the save_user/update_user function of SourceCodester Survey Application System 1.0. It can be exploited remotely by manipulating the 'fullname' parameter handled by /loginRegistration.php.

Details

The vulnerability arises from improper neutralization of special elements in the 'fullname' parameter before it is used in an SQL statement (CWE-89). Exploitation is considered straightforward, a public exploit is available, and the attack requires no authentication and can be initiated remotely.
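As an added illustration (not the application's own code, which this advisory does not reproduce), the following shows the CWE-89 shape described above in a save_user/update_user-style handler, with the string-concatenated query beside a prepared-statement version; the users table and its columns are assumed.

```php
<?php
// Added example, not code from the Survey Application System. Assumes an open
// mysqli connection $db and a table users(id, fullname, username).

// Vulnerable pattern: 'fullname' is pasted directly into the SQL text, so quote
// characters in the submitted value alter the statement instead of being data.
function save_user_vulnerable(mysqli $db, array $post): bool
{
    $sql = "INSERT INTO users (fullname, username) VALUES ('"
         . $post['fullname'] . "', '" . $post['username'] . "')";
    return $db->query($sql) === true;
}

// Fixed pattern: placeholders keep the query structure fixed; the submitted
// values are bound as parameters and can never change the SQL itself.
function save_user_fixed(mysqli $db, array $post): bool
{
    $stmt = $db->prepare("INSERT INTO users (fullname, username) VALUES (?, ?)");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param("ss", $post['fullname'], $post['username']);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// The same fix applied to the update path: the fullname value and the row id
// are both bound, with the id typed as an integer.
function update_user_fixed(mysqli $db, int $id, string $fullname): bool
{
    $stmt = $db->prepare("UPDATE users SET fullname = ? WHERE id = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param("si", $fullname, $id);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}
```

Whitelisting or escaping the input is not a substitute for this change; the prepared statement removes the injection class regardless of what the 'fullname' value contains.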