PT-2025-20576 · Unknown · Sourcecodester Client Database Management System

Published: 2025-05-09 · Updated: 2025-12-27 · CVE-2025-46189

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SourceCodester Client Database Management System version 1.0

Description

The software is vulnerable to SQL injection in the 'user order customer update.php' file, which is the API endpoint involved. The vulnerable input is the order id POST parameter. Exploiting the issue could allow an attacker to inject malicious SQL code, potentially leading to unauthorized access to or modification of the database.

Recommendations

SourceCodester Client Database Management System version 1.0: Sanitize or validate the order id POST parameter in the 'user order customer update.php' file to prevent SQL injection attacks.
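
One way to apply this recommendation, shown as an added example that is not code from SourceCodester or from this advisory: strict integer validation of the order id followed by a bound-parameter UPDATE. The table and column names, the `order_id` and `customer` array keys, and the `updateOrderCustomer` function are hypothetical; the in-memory SQLite database (which needs the pdo_sqlite extension) only makes the script self-contained.

```php
<?php
declare(strict_types=1);

// Hypothetical schema, built in memory so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE orders (order_id INTEGER PRIMARY KEY, customer TEXT)');
$pdo->exec("INSERT INTO orders VALUES (1, 'alice'), (2, 'bob')");

/**
 * Update one order's customer from request data.
 * Returns the affected row count, or null when the input is rejected.
 */
function updateOrderCustomer(PDO $pdo, array $post): ?int
{
    // Validation: the id must be a positive decimal integer. Arrays, missing
    // keys and strings with trailing SQL all make filter_var() return false.
    $orderId = filter_var($post['order_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $customer = $post['customer'] ?? null;
    if ($orderId === false || !is_string($customer) || $customer === '') {
        return null;
    }

    // Parameter binding: the SQL text is a constant and never contains request
    // data, so even a value that passed validation cannot change the query.
    $stmt = $pdo->prepare('UPDATE orders SET customer = :customer WHERE order_id = :id');
    $stmt->bindValue(':id', $orderId, PDO::PARAM_INT);
    $stmt->bindValue(':customer', $customer, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed inputs standing in for $_POST.
$cases = [
    'valid id'            => ['order_id' => '2', 'customer' => 'carol'],
    'not an integer'      => ['order_id' => '1 OR 1=1', 'customer' => 'x'],
    'array instead of id' => ['order_id' => ['1'], 'customer' => 'x'],
    'quote in bound text' => ['order_id' => '1', 'customer' => "o'brien"],
];
foreach ($cases as $label => $post) {
    $result = updateOrderCustomer($pdo, $post);
    echo str_pad($label, 22), $result === null ? 'rejected' : "updated $result row(s)", PHP_EOL;
}
```

Validation alone depends on every code path remembering to apply it; binding parameters is what removes the injection point, and the validation step adds early rejection of malformed requests.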

Exploit

Fix

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2025-46189

Affected Products: Sourcecodester Client Database Management System