SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadmin_phpmyadmin.php.
The vulnerability results from a lack of proper validation and sanitization of input data passed to SQL queries in the superadmin_phpmyadmin.php file. An attacker can inject malicious SQL code directly over the network without the need for authentication (AV:N, PR:N vector). One of the references indicates the possibility of escalating a SQL Injection attack to remote code execution (RCE), making the vulnerability particularly dangerous.
An attacker can gain unauthorized access to the complete contents of the database, modify or delete data, and potentially lead to remote code execution (RCE) on the server. The vulnerability threatens the confidentiality, integrity, and availability of the system to the highest degree.
Patches available from the manufacturer should be applied in accordance with the references. Temporarily, it is recommended to restrict network access to the vulnerable superadmin_phpmyadmin.php file at the firewall or web server level and to implement server-side input validation mechanisms.
SourceCodester Client Database Management System version 1.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLerouxyxchire Client Database Management System
APPLerouxyxchire1.0
Related vulnerabilities
SQL Injection w SourceCodester Client Database Management System 1.0
SQL Injection w SourceCodester Client Database Management System 1.0
Dowolne przesyłanie plików i RCE w SourceCodester Client Database Management System 1.0
SQL Injection w SourceCodester Client Database Management System 1.0
RCE poprzez Arbitrary File Upload w SourceCodester Client Database Management System 1.0