PT-2025-35379 · Sourcecodester · Simple Cafe Billing System

Xyz123 · Published 2025-08-30 · Updated 2025-09-04 · CVE-2025-9702

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SourceCodester Simple Cafe Billing System version 1.0

Description

A SQL injection issue exists in SourceCodester Simple Cafe Billing System 1.0. The vulnerability is located in the /sales report.php file, affecting an unknown function. Manipulation of the month argument can lead to SQL injection. The exploit is publicly available and may be used to initiate attacks remotely.

Recommendations

As a temporary workaround, consider restricting access to the /sales report.php file until a fix is available.
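
For teams that maintain their own copy of the application, the following added example (not code from the advisory or from the SourceCodester project) shows one way to handle a `month` argument safely: strict format validation followed by a parameterized query. The `YYYY-MM` input format, the `sales` table, its `sale_date` and `total` columns, and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical hardened handler for a monthly sales report (PHP 8+).
// Assumptions (not from the advisory): `month` arrives as YYYY-MM and
// sales are stored in a `sales` table with `sale_date` and `total` columns.

function parse_month(mixed $raw): ?array
{
    // Reject arrays, missing values and anything that is not exactly YYYY-MM.
    if (!is_string($raw) || preg_match('/\A(\d{4})-(0[1-9]|1[0-2])\z/', $raw, $m) !== 1) {
        return null;
    }
    $start = new DateTimeImmutable("{$m[1]}-{$m[2]}-01");
    // Half-open range [start, next month) avoids end-of-month edge cases.
    return [$start->format('Y-m-d'), $start->modify('+1 month')->format('Y-m-d')];
}

function monthly_sales(PDO $pdo, mixed $rawMonth): ?array
{
    $range = parse_month($rawMonth);
    if ($range === null) {
        return null; // caller should answer with HTTP 400 and log the request
    }
    // Bound parameters keep the request value out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'SELECT sale_date, total FROM sales
          WHERE sale_date >= :start AND sale_date < :end
          ORDER BY sale_date'
    );
    $stmt->execute([':start' => $range[0], ':end' => $range[1]]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sales (sale_date TEXT, total REAL)');
$pdo->exec("INSERT INTO sales VALUES ('2025-08-03', 12.50), ('2025-08-21', 7.25), ('2025-09-01', 4.00)");

var_dump(monthly_sales($pdo, '2025-08'));   // well-formed month: query runs with bound dates
var_dump(monthly_sales($pdo, "2025-08'x")); // stray quote: rejected before any SQL is prepared
var_dump(monthly_sales($pdo, '2025-13'));   // out-of-range month: rejected
```

Logging the rejected values gives defenders a simple signal for probing against this parameter.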

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-9702

Affected Products

Simple Cafe Billing System