SQL Injection Vulnerability in Sourcecodester Computer Laboratory Management System
CVE-2025-45956
8.8HIGH
Summary
A SQL injection vulnerability exists in the 'manage_damage.php' file of Sourcecodester's Computer Laboratory Management System v1.0. This flaw permits authenticated attackers to execute arbitrary SQL commands through the manipulation of the 'id' parameter, potentially compromising sensitive data stored in the database.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved