CRITICAL🇵🇱 Wersja polska

CVE-2025-46188

CVSS 9.8v3.1pub. 2025-05-09upd. 2025-05-22

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadmin_phpmyadmin.php.

🤖 AI Analysis
How it works

The vulnerability results from a lack of proper validation and sanitization of input data passed to SQL queries in the superadmin_phpmyadmin.php file. An attacker can inject malicious SQL code directly over the network without the need for authentication (AV:N, PR:N vector). One of the references indicates the possibility of escalating a SQL Injection attack to remote code execution (RCE), making the vulnerability particularly dangerous.

Impact

An attacker can gain unauthorized access to the complete contents of the database, modify or delete data, and potentially lead to remote code execution (RCE) on the server. The vulnerability threatens the confidentiality, integrity, and availability of the system to the highest degree.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references. Temporarily, it is recommended to restrict network access to the vulnerable superadmin_phpmyadmin.php file at the firewall or web server level and to implement server-side input validation mechanisms.

Who is affected

SourceCodester Client Database Management System version 1.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Lerouxyxchire Client Database Management System

    APP
    Lerouxyxchire
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-46189CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Client Database Management System 1.0

CVE-2025-46190CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Client Database Management System 1.0

CVE-2025-46191CRITICAL9.8PL ✓ten sam produkt

Dowolne przesyłanie plików i RCE w SourceCodester Client Database Management System 1.0

CVE-2025-46192CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Client Database Management System 1.0

CVE-2025-46193CRITICAL9.8PL ✓ten sam produkt

RCE poprzez Arbitrary File Upload w SourceCodester Client Database Management System 1.0