CRITICAL🇵🇱 Wersja polska

CVE-2025-46190

CVSS 9.8v3.1pub. 2025-05-09upd. 2025-05-22

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery_update.php via the order_id POST parameter.

🤖 AI Analysis
How it works

The vulnerability occurs in the POST parameter named order_id, passed to the user_delivery_update.php script. User-entered data is included in the SQL query without proper validation and sanitization, allowing an attacker to inject arbitrary SQL instructions. Due to the lack of authentication requirements (PR:N, UI:N), the exploit can be carried out by anyone with network access to the application.

Impact

An attacker can gain full access to the database, read, modify or delete collected data, and under favorable configuration conditions, lead to command execution on the server. The CVSS vector indicates high risk of breach of confidentiality, integrity and system availability.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with references. Until the fix is implemented, it is recommended to restrict network access to the application and implement Web Application Firewall (WAF) rules blocking SQL injection attempts.

Who is affected

SourceCodester Client Database Management System version 1.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Lerouxyxchire Client Database Management System

    APP
    Lerouxyxchire
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-46188CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Client Database Management System 1.0

CVE-2025-46189CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Client Database Management System 1.0

CVE-2025-46191CRITICAL9.8PL ✓ten sam produkt

Dowolne przesyłanie plików i RCE w SourceCodester Client Database Management System 1.0

CVE-2025-46192CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Client Database Management System 1.0

CVE-2025-46193CRITICAL9.8PL ✓ten sam produkt

RCE poprzez Arbitrary File Upload w SourceCodester Client Database Management System 1.0