CVE Details
Basic Information
| Title | CVE-2025-4935 |
| Type | cve |
| Published | 2025-05-19T14:15:27 |
| Last Seen | 2025-05-19T14:18:23 |
CVSS Information
| Base Score | 7.3 (HIGH) |
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | LOW |
AI Analysis
| AI Description | A SQL injection vulnerability in SourceCodester Stock Management System 1.0 allows remote attackers to inject malicious SQL code via the user_id parameter in changePassword.php. This can lead to unauthorized data access and modification. The vulnerability has been publicly disclosed. |
| AI Severity | High |
| Vendor | SourceCodester |
| Product | SourceCodester Stock Management System |
| Affected Version | 1.0 |
Additional Information
| CVE List | CVE-2025-4935 |
| CWE List | CWE-89, CWE-74 |
| Bulletin Family | cve |
Description
A vulnerability was found in SourceCodester Stock Management System 1.0 and classified as critical. It affects unknown processing in the file /php_action/changePassword.php. Manipulation of the argument user_id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score Summary
Base Score: 7.3 (HIGH)