Description
A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
Published: 2026-04-30
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the SourceCodester Pet Grooming Management Software allows attackers to inject arbitrary SQL through the /admin/update_customer.php endpoint by manipulating argument type and length parameters. This vulnerability is a classic SQL injection, tied to CWE-74 and CWE-89, enabling attackers to read, modify, or delete data in the underlying database, potentially compromising confidentiality, integrity, and availability of customer information.

Affected Systems

The affected product is SourceCodester Pet Grooming Management Software version 1.0. No additional affected versions are listed. The flaw resides in the administrative update_customer.php script.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. EPSS information is unavailable, so the likelihood of exploitation is unknown but the vulnerability is publicly disclosed and the exploit is published. The vulnerability is not currently listed in the CISA KEV catalog. An attacker can exploit this remotely, as stated in the description, by sending crafted requests to the vulnerable endpoint.

Generated by OpenCVE AI on April 30, 2026 at 03:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch for SourceCodester Pet Grooming Management Software.
  • If a patch is not yet available, restrict remote access to the /admin/update_customer.php endpoint to trusted IP addresses.
  • Implement input validation or use parameterized queries in the update_customer.php script to prevent SQL injection.

Generated by OpenCVE AI on April 30, 2026 at 03:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 04:00:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester pet Grooming Management Software
Vendors & Products Sourcecodester
Sourcecodester pet Grooming Management Software

Thu, 30 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Description A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
Title SourceCodester Pet Grooming Management Software update_customer.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Sourcecodester Pet Grooming Management Software
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-30T12:10:32.285Z

Reserved: 2026-04-29T16:59:28.996Z

Link: CVE-2026-7447

cve-icon Vulnrichment

Updated: 2026-04-30T12:10:24.279Z

cve-icon NVD

Status : Deferred

Published: 2026-04-30T01:16:02.990

Modified: 2026-04-30T14:52:54.847

Link: CVE-2026-7447

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T03:45:06Z

Weaknesses