PT-2025-16901 · Sourcecodester · Sourcecodester Web-Based Pharmacy Product Management System

Lingze

Published

2025-04-16

Updated

2025-04-29

CVE-2025-3729

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Web-based Pharmacy Product Management System version 1.0

Description A critical issue has been found in the Database Backup Handler component, specifically in the file backup.php. The manipulation of the txtdbname argument leads to os command injection. This issue can be exploited remotely.

Recommendations For version 1.0, consider disabling the Database Backup Handler component or restricting access to the backup.php file until a patch is available. Avoid using the txtdbname argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2025-3729

Affected Products

Sourcecodester Web-Based Pharmacy Product Management System

PT-2025-16901 · Sourcecodester · Sourcecodester Web-Based Pharmacy Product Management System

CVE-2025-3729

Weakness Enumeration

Related Identifiers

Affected Products

References · 12