CVE Details
Basic Information
| Title |
CVE-2025-4924 |
| Type |
cve |
| Published |
2025-05-19T09:15:25 |
| Last Seen |
2025-05-19T09:22:35 |
CVSS Information
| Base Score |
7.3 (HIGH) |
| Attack Vector |
NETWORK |
| Attack Complexity |
LOW |
| Privileges Required |
NONE |
| User Interaction |
NONE |
| Scope |
UNCHANGED |
| Confidentiality Impact |
LOW |
| Integrity Impact |
LOW |
| Availability Impact |
LOW |
AI Analysis
| AI Description |
A critical vulnerability in SourceCodester Client Database Management System 1.0 allows remote attackers to execute arbitrary code or perform SQL injection via the ‘order_id’ parameter in the ‘/user_void_transaction.php’ file. The vulnerability is due to improper input validation and sanitization. |
| AI Severity |
High |
| Vendor |
SourceCodester |
| Product |
Client Database Management System |
| Affected Version |
1.0 |
Additional Information
| CVE List |
CVE-2025-4924 |
| CWE List |
CWE-74, CWE-89 |
| Bulletin Family |
cve |
Description
A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /user_void_transaction.php. The manipulation of the argument order_id leads to…
CVSS Score Summary
Base Score: %!f(string=#) (HIGH)
View Full CVE Details
