CVE-2025-3697

CWE-74 CWE-89 — SQL Injection CWE-264 CWE-2335 documents4 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 56.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Web-based Pharmacy Product Management System Senior-walter Web-based Pharmacy Product Management System

Timeline

PublishedApr 16

Description

A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file /edit-product.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5sourcecodester/web-based_pharmacy_product_management_system1.0

▶NVDsenior-walter/web-based_pharmacy_product_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-855g-gqf8-49xq: A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1↗2025-04-16

▶

CVEList

SourceCodester Web-based Pharmacy Product Management System edit-product.php sql injection↗2025-04-16

▶

📋Vendor Advisories

Microsoft

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue a↗2022-10-11

▶

Microsoft

libcontainer/user/user.go in runC before 0.1.0 as used in Docker before 1.11.2 improperly treats a numeric UID as a potential username which allows local users to gain privileges via a numeric usernam↗2016-06-14

▶