SQL Injection Vulnerability in SourceCodester Web-based Pharmacy Product Management System
CVE-2025-3697

6.3MEDIUM

Key Information:

Vendor: SourceCodester
Status: Web-based Pharmacy Product Management System
Vendor: CVE Published:; 16 April 2025

Summary

A significant SQL injection vulnerability has been identified in the SourceCodester Web-based Pharmacy Product Management System version 1.0. The issue arises from improper handling of the 'ID' parameter in the /edit-product.php file, allowing attackers to execute arbitrary SQL commands through crafted requests. This vulnerability can be exploited remotely, potentially leading to unauthorized access to sensitive data. Organizations using this software should implement immediate mitigative measures to secure their applications.

References

https://github.com/yaklang/IRifyScanResult/blob/main/Web-...

https://vuldb.com/?ctiid.304985

https://vuldb.com/?id.304985

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2025