SQL Injection Vulnerability in SourceCodester Web-based Pharmacy Management System
CVE-2025-3694
9.8 CRITICAL
Key Information:
- Vendor: SourceCodester
- CVE Published: 16 April 2025
What is CVE-2025-3694?
A vulnerability has been identified in the SourceCodester Web-based Pharmacy Product Management System version 1.0, specifically within the Login Handler component. This vulnerability occurs due to improper handling of the login_email parameter, allowing for SQL injection attacks. An attacker can exploit this weakness remotely, potentially compromising the integrity of the system. Public disclosure of the exploit increases the urgency for affected users to implement security measures and updates to safeguard against potential threats.
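An added example of the mitigation for this class of flaw, not code from the product or from this advisory: a login lookup that binds login_email as a query parameter and checks its shape first. The Python/sqlite3 stack, the table and column names, the function names and the sample account are assumptions, since the advisory does not show the affected code.

```python
import hashlib
import hmac
import os
import re
import sqlite3

# Assumption: hypothetical schema and names; the advisory does not show the real ones.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}")


def hash_password(password, salt):
    """Derive a password hash with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_demo_db():
    """Build an in-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute(
        "INSERT INTO users VALUES (?, ?, ?)",
        ("pharmacist@example.test", salt, hash_password("correct horse", salt)),
    )
    return db


def lookup(db, login_email):
    """Fetch (salt, pw_hash) for an email, or None when no row matches."""
    # The value travels as a bound parameter, so the database never parses it
    # as SQL text, whatever quotes or keywords it contains.
    return db.execute(
        "SELECT salt, pw_hash FROM users WHERE email = ?", (login_email,)
    ).fetchone()


def login(db, login_email, password):
    """Return True only when the email exists and the password matches."""
    # Allow-list check first: reject input that is not shaped like an email.
    if not isinstance(login_email, str) or not EMAIL_RE.fullmatch(login_email):
        return False
    row = lookup(db, login_email)
    if row is None:
        return False
    salt, pw_hash = row
    # Constant-time comparison of the stored and computed hashes.
    return hmac.compare_digest(pw_hash, hash_password(password, salt))
```

The allow-list check is defence in depth; the bound parameter in `lookup` is what keeps the submitted value out of the SQL grammar.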