CVE-2025-10835
BaseFortify
Publication date: 2025-09-23
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mayurik | pet_grooming_management_software | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10835 is a critical SQL injection vulnerability in SourceCodester Pet Grooming Management Software version 1.0. It exists in the file /admin/view_payorder.php due to improper validation of the 'ID' parameter, allowing attackers to inject malicious SQL code. This enables unauthorized access to the database, letting attackers read, modify, or delete sensitive data remotely. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by searching for URLs containing "inurl:admin/view_payorder.php" to identify potentially vulnerable targets. Additionally, monitoring web requests for manipulation of the "ID" parameter in /admin/view_payorder.php can help detect exploitation attempts. Using Google hacking techniques with queries like `inurl:admin/view_payorder.php` can locate vulnerable instances. Network intrusion detection systems (NIDS) can be configured to alert on suspicious SQL injection patterns targeting the ID parameter in this file. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected SourceCodester Pet Grooming Management Software version 1.0 with an alternative product, as no known countermeasures or patches have been reported. Restricting access to the /admin/view_payorder.php file and implementing web application firewalls (WAF) to block SQL injection attempts targeting the ID parameter can help reduce risk. It is critical to avoid using the vulnerable software until a fix or patch is available. [2, 1]
How can this vulnerability impact me? :
This vulnerability can impact you by compromising the confidentiality, integrity, and availability of your system's data. Attackers can remotely exploit it to access, alter, or delete sensitive information stored in the database, potentially leading to data breaches, loss of data integrity, and service disruption. [1, 2]