SQL Injection Vulnerability in SourceCodester Web-based Pharmacy Product Management System
CVE-2025-3697

8.8HIGH

Key Information:

Vendor: SourceCodester
Status: Web-based Pharmacy Product Management System
Vendor: CVE Published:; 16 April 2025

🔔 Create SourceCodester Vulnerability Alert

What is CVE-2025-3697?

A significant SQL injection vulnerability has been identified in the SourceCodester Web-based Pharmacy Product Management System version 1.0. The issue arises from improper handling of the 'ID' parameter in the /edit-product.php file, allowing attackers to execute arbitrary SQL commands through crafted requests. This vulnerability can be exploited remotely, potentially leading to unauthorized access to sensitive data. Organizations using this software should implement immediate mitigative measures to secure their applications.

References

https://github.com/yaklang/IRifyScanResult/blob/main/Web-...

https://vuldb.com/?ctiid.304985

https://vuldb.com/?id.304985

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2025