SQL Injection Vulnerability in SourceCodester Web-based Pharmacy Product Management System
CVE-2025-3696

6.3MEDIUM

Key Information:

Vendor: SourceCodester
Status: Web-based Pharmacy Product Management System
Vendor: CVE Published:; 16 April 2025

Summary

A security vulnerability has been identified in the SourceCodester Web-based Pharmacy Product Management System version 1.0, specifically affecting the /search/search_stock.php file. This flaw enables remote attackers to inject malicious SQL code via the 'Name' parameter, potentially compromising the integrity of the entire database. Publicly disclosed exploits for this vulnerability pose a significant risk to sensitive data managed by the application, necessitating immediate attention for remediation.

References

https://github.com/yaklang/IRifyScanResult/blob/main/Web-...

https://vuldb.com/?ctiid.304984

https://vuldb.com/?id.304984

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2025