SQL Injection Vulnerability in SourceCodester Web-based Pharmacy Product Management System
CVE-2025-3696

8.8HIGH

Key Information:

Vendor: SourceCodester
Status: Web-based Pharmacy Product Management System
Vendor: CVE Published:; 16 April 2025

🔔 Create SourceCodester Vulnerability Alert

What is CVE-2025-3696?

A security vulnerability has been identified in the SourceCodester Web-based Pharmacy Product Management System version 1.0, specifically affecting the /search/search_stock.php file. This flaw enables remote attackers to inject malicious SQL code via the 'Name' parameter, potentially compromising the integrity of the entire database. Publicly disclosed exploits for this vulnerability pose a significant risk to sensitive data managed by the application, necessitating immediate attention for remediation.

References

https://github.com/yaklang/IRifyScanResult/blob/main/Web-...

https://vuldb.com/?ctiid.304984

https://vuldb.com/?id.304984

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2025