SourceCodester Client Database Management System SQL Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A SQL injection vulnerability has been identified in SourceCodester Client Database Management System version 1.0. This issue resides in the superadmin_phpmyadmin.php file and can be exploited to execute arbitrary code on the server.

Impact

Exploitation of this vulnerability allows for SQL injection, which can be leveraged to execute arbitrary code on the server, potentially leading to a full compromise of the application and its data.

Reproduction

To reproduce this vulnerability, supply crafted SQL through a parameter that the application passes into a database query, typically a form input or a URL query-string value. The injected SQL alters the intended query so that it performs additional actions, such as retrieving sensitive data or executing administrative functions.
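For defenders, an added example (not part of this advisory and not code from the affected project): a small Python scanner that reads web-server access-log lines and flags requests to superadmin_phpmyadmin.php whose query string carries SQL syntax. The combined log format, the parameter name db, the sample lines and the indicator list are all assumptions constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Apache/nginx "combined" style request line: client IP, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed indicators of SQL syntax inside a query-string value (not an exhaustive list).
SQLI_RE = re.compile(
    r"('|--|/\*|\bunion\b|\bselect\b|\bor\b\s+\d+\s*=\s*\d+|\bsleep\s*\()", re.IGNORECASE
)

# File named in the advisory as the location of the flaw.
TARGET_FILE = "superadmin_phpmyadmin.php"


def is_suspicious(target: str) -> bool:
    """True when the request hits the affected file and its query string contains SQL syntax."""
    path, _, query = target.partition("?")
    if path != TARGET_FILE and not path.endswith("/" + TARGET_FILE):
        return False
    # Decode twice: double-encoded payloads otherwise slip past a single-pass check.
    decoded = unquote_plus(unquote_plus(query))
    return bool(SQLI_RE.search(decoded))


def scan_log(lines):
    """Return (client_ip, request_target, status) for every suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_suspicious(m.group("target")):
            hits.append((m.group("ip"), m.group("target"), m.group("status")))
    return hits


# Constructed sample log lines; "db" is a placeholder parameter, not one taken from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Jun/2025:19:46:01 +0000] "GET /superadmin_phpmyadmin.php?db=clients HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Jun/2025:19:46:02 +0000] "GET /superadmin_phpmyadmin.php?db=clients%27%20OR%201%3D1-- HTTP/1.1" 200 9831',
    '203.0.113.9 - - [09/Jun/2025:19:46:03 +0000] "GET /index.php?id=1%27 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, target, status in scan_log(SAMPLE_LOG):
        print(f"suspicious request from {ip}: {target} (HTTP {status})")
```

Only the second constructed line is reported; the third carries a quote but targets a file the advisory does not name, so a broader rule set would be needed to catch it.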

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          0.0
impact          2.5
exploitability  8.7
remediation     0.0
relevance       0.0
threat          6.4
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.