CVE-2025-5002 MEDIUM

CVE-2025-5002: SourceCodester Client Database Management System user_proposal_update_order.php sql injection

Vendor Sourcecodester

Product Client Database Management System

Weakness CWE-89 · SQLi

Published May 20, 2025

Last update May 21, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_proposal_update_order.php. The manipulation of the argument order_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

May 20, 2025 CVE published

May 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-5002 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2022-29410 WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Authenticated SQL Injection (SQLi) vulnerability CVE-2025-5576 PHPGurukul Dairy Farm Shop Management System bwdate-report-details.php sql injection CVE-2025-24665 WordPress Small Package Quotes Plugin <= 2.4.8 - SQL Injection vulnerability CVE-2024-4443 Business Directory Plugin – Easy Listing Directories for WordPress <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter CVE-2024-10159 PHPGurukul Boat Booking System My Profile Page profile.php sql injection