CRITICAL🇵🇱 Wersja polska

CVE-2025-46189

CVSS 9.8v3.1pub. 2025-05-09upd. 2025-05-22

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_order_customer_update.php via the order_id POST parameter.

🤖 AI Analysis
How it works

The vulnerability (CWE-89) consists of the lack of proper validation and sanitization of the POST parameter named order_id in the user_order_customer_update.php script. An attacker can pass crafted input containing malicious SQL code, which is directly embedded in the database query. The attack requires no authentication, special privileges, or user interaction, making it particularly dangerous.

Impact

An attacker can gain unauthorized access to data stored in the database, modify or delete data (e.g., customer and order data), and in favorable database server configurations, could lead to complete system takeover.

Mitigation & patch

Apply patches available from the vendor according to the references. It is also recommended to implement parameterized SQL queries (prepared statements) in the application code, restrict network access to the system, and verify all input data on the server side.

Who is affected

SourceCodester Client Database Management System version 1.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Lerouxyxchire Client Database Management System

    APP
    Lerouxyxchire
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-46188CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Client Database Management System 1.0

CVE-2025-46190CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Client Database Management System 1.0

CVE-2025-46191CRITICAL9.8PL ✓ten sam produkt

Dowolne przesyłanie plików i RCE w SourceCodester Client Database Management System 1.0

CVE-2025-46192CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Client Database Management System 1.0

CVE-2025-46193CRITICAL9.8PL ✓ten sam produkt

RCE poprzez Arbitrary File Upload w SourceCodester Client Database Management System 1.0