CVE-2025-12238

📊 5.3 MEDIUM⚡ 0.0%🎯 0 exploits

📅 Published Oct 27, 2025

📋 Status: Analyzed

A security flaw has been discovered in code-projects Automated Voting System 1.0. The affected element is an unknown function of the file /admin/user.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	fabian	automated voting system	1.0	Vulnerable	cpe:2.3:a:fabian:automated_voting_system:1.0:::::::*

📱

fabian / automated voting system

Application

Vulnerable

Version: 1.0

CPE:

cpe:2.3:a:fabian:automated_voting_system:1.0:*:*:*:*:*:*:*

Metrics

5.3 MEDIUMCVSS v4.0[email protected]

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

5.3 (MEDIUM)v4.0

Source: [email protected]

EPSS Details

0.0% (Minimal)5.5th percentile

Last updated: Oct 31, 2025

Exploitation probability within 30 days

Published Date

Oct 27, 2025 (6 days ago)

Last Modified

Oct 27, 2025 (6 days ago)

Security Weaknesses3

CWE-74CWE-89

References5

NVDgeneralgeneral+2