AI description
CVE-2025-46192 is a vulnerability found in SourceCodester Client Database Management System 1.0. It involves SQL Injection in the `user_payment_update.php` file. The vulnerability can be exploited via the `order_id` POST parameter. The vulnerability allows for potential arbitrary file uploads due to missing file extension checks, MIME type validation, and authentication. This could lead to remote code execution by uploading and accessing malicious PHP files.
- Description: SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in `user_payment_update.php` via the `order_id` POST parameter.
- Source: cve@mitre.org
- NVD status: Analyzed
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-89
- Hype score: Not currently trending
CVE-2025-46188 CVE-2025-46189 CVE-2025-46190 CVE-2025-46191 CVE-2025-46192 CVE-2025-46193
@lf32dev
12 May 2025
🚨 CVE-2025-46192 ⚠️🔴 CRITICAL (9.8) 🏢 Unknown Vendor - Unknown Product 🏗️ Unknown Version 🔗 https://t.co/zgCKfOjYBk 🔗 https://t.co/I8tpkNX4ID #CyberCron #VulnAlert #InfoSec https://t.co/xuSIYNmbZX
@cybercronai
10 May 2025
Praise be to God, 6 CVEs in one go: CVE-2025-46188 CVE-2025-46189 CVE-2025-46190 CVE-2025-46191 CVE-2025-46192 CVE-2025-46193
@x6vrn
9 May 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:lerouxyxchire:client_database_management_system:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFE80DE6-C79F-452F-9523-4EC1F9777DA4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]