
CVE-2025-10429: SQL Injection in SourceCodester Pet Grooming Management Software

Medium
Published: Mon Sep 15 2025 (09/15/2025, 06:02:05 UTC)
Source: CVE Database V5
Vendor/Project: SourceCodester
Product: Pet Grooming Management Software

Description

A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. It affects unknown functionality in the file /admin/ajax_product.php. Manipulation of the argument drop_services results in SQL injection. The attack can be launched remotely. The exploit is now public and may be used.

AI-Powered Analysis

Last updated: 09/16/2025, 00:29:24 UTC

Technical Analysis

CVE-2025-10429 is a medium-severity SQL injection vulnerability in SourceCodester Pet Grooming Management Software version 1.0. It is located in the file /admin/ajax_product.php, in the handling of the 'drop_services' argument: the value is used in a database query without proper validation, so a remote attacker who controls it can alter the query and read or modify database contents. According to the advisory, the vulnerability requires neither user interaction nor authentication, which raises its risk profile. The CVSS 4.0 score is 5.3, reflecting a network attack vector with low complexity and no privileges required, but limited impact on confidentiality, integrity, and availability. No exploitation in the wild is currently known, but exploit code has been published, so exploitation is feasible. Only version 1.0 of the software is affected; the product is a niche management tool for pet grooming businesses. With no patch or vendor advisory available, organizations running this software must rely on their own protective measures. Successful exploitation could lead to unauthorized data access, data manipulation, or disruption of the application's database operations.

Potential Impact

For European organizations using SourceCodester Pet Grooming Management Software 1.0, this vulnerability poses a tangible risk of data breaches and operational disruption. Pet grooming businesses often handle sensitive customer data, including personal identification and payment information, so exploitation could expose customer records and trigger privacy obligations under GDPR. Attackers could also alter service records or pricing data, causing financial loss or reputational damage. Because the attack is remote and unauthenticated, exploitation becomes more likely where the software is exposed to the internet without adequate network protections. The product's niche market limits the overall scale of impact, but small and medium enterprises in the pet care sector across Europe could be targeted, particularly those with limited cybersecurity resources. Since no patch or vendor mitigation exists, organizations need compensating controls now.

Mitigation Recommendations

Organizations should immediately audit their use of SourceCodester Pet Grooming Management Software to confirm whether version 1.0 is deployed. If so, restrict access to the /admin/ajax_product.php endpoint with network-level controls such as IP allowlisting or VPN access to administrative interfaces. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the 'drop_services' parameter. Apply strict input validation to all user-supplied data, by modifying the application code where possible or by using middleware filters. Monitor logs for suspicious activity involving the vulnerable endpoint. Where feasible, isolate the application database and grant it least-privilege access to limit the impact of a successful injection. Back up databases regularly so that data manipulation can be reversed. Engage with the vendor or community to seek patches or updates, and consider migrating to alternative software if no remediation is forthcoming.
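The following is an added example and is not code from SourceCodester or from this advisory. It illustrates two of the recommendations above in Python (the application itself is PHP, where the equivalent fix is a prepared statement via mysqli or PDO): allowlist validation of the 'drop_services' value with a parameterized lookup, shown beside the string-concatenation pattern that produces SQL injection, and a scan of web-server access-log lines for requests to /admin/ajax_product.php whose 'drop_services' value fails the allowlist. The assumptions are mine: that 'drop_services' is expected to be a plain integer service id, the 'services' table schema, sqlite3 standing in for the application's database, and the constructed log lines.

```python
"""Added example (not SourceCodester's code): allowlist validation of the
drop_services parameter, a parameterized lookup beside the concatenation
pattern that causes SQL injection, and a scan of access-log lines for
requests to /admin/ajax_product.php whose drop_services value fails the
allowlist.  Assumptions: drop_services is a plain integer service id, the
services table schema is invented, sqlite3 stands in for the application's
database, and the log lines are constructed."""
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/admin/ajax_product.php"   # vulnerable file named in the advisory
PARAM = "drop_services"                # vulnerable argument named in the advisory

# Assumption: a valid drop_services value is a short positive integer id.
SAFE_VALUE = re.compile(r"[0-9]{1,10}")


def validate_drop_services(value):
    """Allowlist check: return the integer id, or None if the value is not one."""
    if value is None or not SAFE_VALUE.fullmatch(value):
        return None
    return int(value)


def build_db():
    """In-memory stand-in for the application's services table (constructed data)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE services (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    con.executemany(
        "INSERT INTO services VALUES (?, ?, ?)",
        [(1, "Bath", 20.0), (2, "Nail trim", 10.0), (3, "Full groom", 45.0)],
    )
    return con


def lookup_service_unsafe(con, value):
    """The defect class the advisory describes: the parameter is pasted into SQL."""
    sql = "SELECT id, name, price FROM services WHERE id = " + value
    return con.execute(sql).fetchall()


def lookup_service_safe(con, value):
    """Hardened form: allowlist the input, then bind it as a query parameter."""
    service_id = validate_drop_services(value)
    if service_id is None:
        return []          # reject rather than try to "clean" the value
    return con.execute(
        "SELECT id, name, price FROM services WHERE id = ?", (service_id,)
    ).fetchall()


# Combined-format access log parser (only the fields needed here).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def flag_suspicious_requests(lines):
    """Return (ip, timestamp, value) for each request to the vulnerable endpoint
    whose drop_services value fails the allowlist."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != ENDPOINT:
            continue
        query = parse_qs(parts.query, keep_blank_values=True)
        for value in query.get(PARAM, []):
            if validate_drop_services(value) is None:
                findings.append((m.group("ip"), m.group("ts"), value))
    return findings


# Constructed sample log lines: one normal request, one tampered value, one unrelated hit.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Sep/2025:06:02:05 +0000] "GET /admin/ajax_product.php?drop_services=2 HTTP/1.1" 200 512',
    '198.51.100.7 - - [15/Sep/2025:06:03:11 +0000] "GET /admin/ajax_product.php?drop_services=2+OR+1%3D1 HTTP/1.1" 200 2048',
    '203.0.113.5 - - [15/Sep/2025:06:04:00 +0000] "GET /index.php HTTP/1.1" 200 100',
]


if __name__ == "__main__":
    con = build_db()
    tampered = "2 OR 1=1"
    print("unsafe rows:", len(lookup_service_unsafe(con, tampered)))  # every row leaks
    print("safe rows:  ", len(lookup_service_safe(con, tampered)))    # rejected
    for ip, ts, value in flag_suspicious_requests(SAMPLE_LOG):
        print(f"suspicious drop_services from {ip} at {ts}: {value!r}")
```

Two practical caveats: an AJAX endpoint may receive 'drop_services' in a POST body, which ordinary access logs do not record, so the same allowlist check belongs in the WAF rule or in application-level request logging as well; and the allowlist is only correct if the parameter really is an integer id, so confirm the expected shape against the deployed application before alerting on mismatches.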


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-14T10:16:11.987Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68c8aa72ee2781683eebd837

Added to database: 9/16/2025, 12:08:18 AM

Last enriched: 9/16/2025, 12:29:24 AM

Last updated: 10/29/2025, 9:26:43 AM

Views: 60
