PT-2025-20582 · Sourcecodester · Sourcecodester Client Database Management System

Published: 2025-05-09 · Updated: 2025-12-27 · CVE-2025-46192

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SourceCodester Client Database Management System version 1.0

Description

The software is susceptible to a SQL Injection issue within the user payment update.php file. The issue occurs through the order id POST parameter. The vulnerability allows for potential unauthorized access or modification of the database.

Recommendations

SourceCodester Client Database Management System version 1.0: Sanitize or validate the order id POST parameter in the user payment update.php file to prevent SQL Injection.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-46192

Affected Products

Sourcecodester Client Database Management System