CVE-2025-10599

A security flaw has been discovered in itsourcecode Web-Based Internet Laboratory Management System 1.0. Impacted is the function User::AuthenticateUser of the file login.php. Performing manipulation of the argument user_email results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

More information : https://github.com/drew-byte/Web-Based-Internet-Laboratory-Management-System_SQLi-PoC/blob/main/README.md