CVE-2025-3383

CWE-74 CWE-89 — SQL Injection CWE-276 — Incorrect Default Permissions4 documents4 sources

Severity

6.9MEDIUM

EPSS

0.2%

top 55.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Web-based Pharmacy Product Management System Senior-walter Web-based Pharmacy Product Management System

Timeline

PublishedApr 7

Latest updateJul 18

Description

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search/search_sales.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5sourcecodester/web-based_pharmacy_product_management_system1.0

▶NVDsenior-walter/web-based_pharmacy_product_management_system1.0

🔴Vulnerability Details

GHSA

melange's world-writable permissions expose SBOM files to potential image tampering↗2025-07-18

▶

GHSA

GHSA-r75x-m5pq-2c5m: A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1↗2025-04-07

▶

CVEList

SourceCodester Web-based Pharmacy Product Management System search_sales.php sql injection↗2025-04-07

▶