CVE-2025-10430:SQL injection vulnerability in SourceCodester Pet Grooming Management Software 1.0 allows remote attackers to manipulate database queries via the ID parameter in /admin/barcode.php.

splash
Back

Description Preview

A critical vulnerability has been identified in SourceCodester Pet Grooming Management Software version 1.0. The flaw exists in the /admin/barcode.php file, where improper handling of user input allows for SQL injection attacks. By manipulating the ID parameter, an attacker can potentially execute arbitrary SQL commands on the underlying database. This vulnerability can be exploited remotely and requires low privileges. The exploit for this vulnerability has been made public, increasing the risk of active exploitation.

Overview

The vulnerability in SourceCodester Pet Grooming Management Software 1.0 is classified as a SQL injection flaw, associated with CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-74 (Improper Neutralization of Special Elements used in Other Commands). The CVSS v3.1 base score is 6.3, indicating a medium severity level. The attack vector is network-based, with low attack complexity and no user interaction required. The vulnerability affects the confidentiality, integrity, and availability of the system, each to a low degree. Exploitation of this vulnerability could lead to unauthorized access to sensitive data, modification of database contents, or potential disruption of service.

Remediation

To address this vulnerability, the following steps are recommended:

  1. Update the SourceCodester Pet Grooming Management Software to the latest version if a patch is available.
  2. Implement proper input validation and sanitization for all user-supplied data, especially the ID parameter in the affected file.
  3. Use parameterized queries or prepared statements to prevent SQL injection attacks.
  4. Apply the principle of least privilege to database accounts used by the application.
  5. Regularly audit and review the application code for security vulnerabilities.
  6. Implement web application firewalls (WAF) as an additional layer of protection against SQL injection attempts.
  7. Conduct thorough penetration testing and security assessments to identify and address any remaining vulnerabilities.

References

[1] GitHub - Pet Grooming Management Software vulnerability details. https://github.com/joinia/webray.com.cn/blob/main/Pet-grooming-management-software/petgrooming-sql-barcode.md

[2] VulDB - CVE-2025-10430 CTI entry. https://vuldb.com/?ctiid.323864

[3] VulDB - CVE-2025-10430 detailed information. https://vuldb.com/?id.323864

[4] VulDB - Submission page for CVE-2025-10430. https://vuldb.com/?submit.647488

[5] VulDB - Additional submission page for CVE-2025-10430. https://vuldb.com/?submit.647622

[6] SourceCodester - Official website. https://www.sourcecodester.com/

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services: Low
    Accommodation & Food Services
  2. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services
  3. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  4. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  5. Construction: Low
    Construction
  6. Educational Services: Low
    Educational Services
  7. Finance and Insurance: Low
    Finance and Insurance
  8. Health Care & Social Assistance: Low
    Health Care & Social Assistance
  9. Information: Low
    Information
  10. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  11. Manufacturing: Low
    Manufacturing
  12. Mining: Low
    Mining
  13. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services: Low
    Professional, Scientific, & Technical Services
  15. Public Administration: Low
    Public Administration
  16. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing
  17. Retail Trade: Low
    Retail Trade
  18. Transportation & Warehousing: Low
    Transportation & Warehousing
  19. Utilities: Low
    Utilities
  20. Wholesale Trade: Low
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background