SQL Injection Vulnerability in SourceCodester Online Bank Management System
CVE-2025-9021

6.9MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Online Bank Management System
Vendor
CVE Published:
15 August 2025

What is CVE-2025-9021?

A vulnerability in the SourceCodester Online Bank Management System version 1.0 has been identified, specifically within the /bank/transfer.php file. This issue allows an attacker to manipulate the email argument, enabling SQL injection attacks. Such attacks can be executed remotely, potentially compromising the database security and integrity of the system.

Affected Version(s)

Online Bank Management System 1.0

References

https://vuldb.com/?id.320086
vdb-entrytechnical-description
https://vuldb.com/?ctiid.320086
signaturepermissions-required
https://vuldb.com/?submit.631861
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

firewall (VulDB User)
JSON
.
CVE-2025-9021 : SQL Injection Vulnerability in SourceCodester Online Bank Management System