SQL Injection Vulnerability in SourceCodester Client Database Management System
CVE-2025-46190

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Client Database Management System
Vendor: CVE Published:; 9 May 2025

What is CVE-2025-46190?

The Client Database Management System version 1.0 from SourceCodester contains a vulnerability that allows attackers to exploit the user_delivery_update.php script through the order_id POST parameter. This input validation flaw can enable unauthorized database access, potentially leading to data leakage or manipulation. It is crucial for users of this system to evaluate their exposure and implement necessary security measures to prevent exploitation.

References

https://www.invicti.com/learn/blind-sql-injection/

https://github.com/x6vrn/mitre/blob/main/CVE-2025-46190.md

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
Apr 22, 2025