SQL Injection Vulnerability in SourceCodester Online Bank Management System
CVE-2025-9022
6.9 MEDIUM
Key Information:
- Vendor: Sourcecodester
- CVE Published: 15 August 2025
What is CVE-2025-9022?
A vulnerability in the SourceCodester Online Bank Management System allows for SQL injection through improper handling of user input in the /bank/statements.php file. By manipulating the email argument, attackers can execute arbitrary SQL code remotely, potentially accessing sensitive information from the database. This weakness poses significant risks for users and database integrity, necessitating immediate attention and remediation.
Affected Version(s)
Online Bank Management System 1.0
CVSS V4
- Score: 6.9
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Attack Required: None
- Privileges Required: Undefined
- User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
firewall (VulDB User)
