SQL Injection Vulnerability in SourceCodester Online Medicine Ordering System
CVE-2025-3140

5.3MEDIUM

Key Information:

Vendor: Sourcecodester
Status: Online Medicine Ordering System
Vendor: CVE Published:; 3 April 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An SQL injection vulnerability has been identified in the SourceCodester Online Medicine Ordering System version 1.0. The issue arises due to improper handling of the ID argument in the /view_category.php file, allowing attackers to manipulate SQL queries remotely. This exploitation could lead to unauthorized access to sensitive data, compromising the application's security and integrity. It is essential for users and administrators to implement security patches and validate user inputs to mitigate this risk.

Affected Version(s)

Online Medicine Ordering System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-3140 - Proof of Concept