CVE-2025-12933

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Baby Care System version 1.0

Description A flaw exists in SourceCodester Baby Care System 1.0 that allows for SQL injection. This issue affects an unknown part of the file /updatewelcome.php?id=siteoptions&action=welcome. Manipulation of the roleid parameter can lead to SQL injection, and the attack can be launched remotely. The exploit is publicly available.

Recommendations Update to a newer version of SourceCodester Baby Care System that addresses this vulnerability. As a temporary workaround, restrict access to the /updatewelcome.php file. Sanitize the roleid parameter before using it in any database queries.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-12933

Affected Products

Baby Care System

CVE-2025-12933

Weakness Enumeration

Related Identifiers

Affected Products

References · 12