CVE-2025-9473 MEDIUM

CVE-2025-9473: SourceCodester Online Bank Management System feedback.php sql injection

Vendor Sourcecodester

Product Online Bank Management System

Weakness CWE-89 · SQLi

Published August 26, 2025

Last update August 26, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. This impacts an unknown function of the file /feedback.php. The manipulation of the argument msg leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

Key dates

02Disclosure timeline

August 26, 2025 CVE published

August 26, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9473 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2024-49619 WordPress Social Link Groups plugin <= 1.1.0 - SQL Injection vulnerability CVE-2024-5329 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter CVE-2024-10138 code-projects Pharmacy Management System add_new_purchase.php sql injection CVE-2024-42357 Shopware vulnerable to blind SQL-injection in DAL aggregations CVE-2022-2876 SourceCodester Student Management System index.php sql injection