SQL Injection Vulnerability in SourceCodester Client Database Management System
CVE-2025-46192

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Client Database Management System
Vendor: CVE Published:; 9 May 2025

What is CVE-2025-46192?

The SourceCodester Client Database Management System version 1.0 has a vulnerability that allows SQL Injection through the user_payment_update.php script. This occurs when the 'order_id' POST parameter is manipulated, potentially enabling attackers to execute arbitrary SQL commands. Exploiting this vulnerability could compromise the integrity of the database, leading to unauthorized data access and manipulation.

References

https://www.invicti.com/learn/blind-sql-injection/

https://github.com/x6vrn/mitre/blob/main/CVE-2025-46192.md

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
Apr 22, 2025