
CVE-2025-10836: SQL Injection in SourceCodester Pet Grooming Management Software

Medium
Published: Tue Sep 23 2025 (09/23/2025, 03:32:10 UTC)
Source: CVE Database V5
Vendor/Project: SourceCodester
Product: Pet Grooming Management Software

Description

A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/print1.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.

AI-Powered Analysis

Last updated: 09/23/2025, 04:01:17 UTC

Technical Analysis

CVE-2025-10836 is a SQL injection vulnerability in SourceCodester Pet Grooming Management Software version 1.0. It resides in an unspecified function of the /admin/print1.php file, where manipulating the 'ID' parameter lets an attacker inject SQL into the application's database queries. The flaw can be exploited remotely without authentication or user interaction, which makes it a significant risk. Successful injection could lead to unauthorized data access, modification, or deletion. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the ease of exploitation (network vector, no privileges or user interaction required) and the limited confidentiality, integrity, and availability impact (low to medium). The vulnerability has been publicly disclosed and exploit code is available, which increases the risk of exploitation. However, there are no known exploits actively used in the wild at this time, and no official patches have been released by the vendor. With no patch available and an exploit public, organizations using this software should give the issue immediate attention.

Potential Impact

For European organizations using SourceCodester Pet Grooming Management Software 1.0, this vulnerability poses a risk of unauthorized access to sensitive customer and business data stored in the backend database. Attackers exploiting this flaw could extract personal information, manipulate grooming records, or disrupt business operations by altering or deleting data. This could lead to reputational damage, regulatory non-compliance (especially under GDPR due to potential personal data exposure), and financial losses. Since the software is niche, the direct impact may be limited to small and medium enterprises in the pet care sector. However, any breach involving personal data in Europe can trigger significant legal and financial consequences. The remote and unauthenticated nature of the attack vector increases the likelihood of exploitation if the software is internet-facing or accessible from untrusted networks.

Mitigation Recommendations

Organizations should immediately audit their use of SourceCodester Pet Grooming Management Software to determine if version 1.0 is deployed. If so, they should restrict access to the /admin/print1.php endpoint by implementing network-level controls such as IP whitelisting or VPN access to administrative interfaces. Input validation and parameterized queries should be implemented to prevent SQL injection; if the vendor has not released a patch, organizations may need to apply custom code fixes or engage security professionals to remediate the vulnerable code. Monitoring and logging database queries for suspicious activity can help detect exploitation attempts. Additionally, organizations should isolate the application from the public internet where possible and ensure regular backups are in place to recover from potential data tampering. Finally, organizations should stay alert for vendor updates or patches addressing this vulnerability and apply them promptly once available.
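The monitoring recommendation above can also be applied at the web tier. The following Python is an added example, not code from the vendor or from this advisory: it scans web access-log lines for requests to /admin/print1.php whose ID value is not a plain integer. The integer-only rule for ID and the combined log format are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Path and parameter name come from the advisory; both are matched case-insensitively.
TARGET_PATH = "/admin/print1.php"
PARAM = "id"
# Assumption: a legitimate ID is a short run of decimal digits.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Request line of a combined-format access log entry: "METHOD target HTTP/x"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

def suspicious_ids(line):
    """Return the ID values in one log line that are not plain integers."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if url.path.lower() != TARGET_PATH:
        return []
    # parse_qsl percent-decodes values, so encoded quotes and spaces are seen.
    pairs = parse_qsl(url.query, keep_blank_values=True)
    return [v for k, v in pairs
            if k.lower() == PARAM and not VALID_ID.fullmatch(v)]

def scan(lines):
    """Yield (client_ip, value) for every suspicious request."""
    for line in lines:
        for value in suspicious_ids(line):
            yield line.split(" ", 1)[0], value

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Sep/2025:04:10:01 +0000] "GET /admin/print1.php?ID=7 HTTP/1.1" 200 2310',
    '198.51.100.23 - - [23/Sep/2025:04:10:05 +0000] "GET /admin/print1.php?ID=7%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9120',
    '198.51.100.23 - - [23/Sep/2025:04:10:09 +0000] "GET /admin/print1.php?id=7+UNION+SELECT+1 HTTP/1.1" 500 312',
    '192.0.2.10 - - [23/Sep/2025:04:10:12 +0000] "GET /admin/index.php?ID=abc HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-numeric ID: {value!r}")
```

Access logs normally record only the query string, so values sent in a POST body are not covered by this check and need application or database query logging instead.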

Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-21T19:38:42.105Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68d218bcefb46fd0305fd7df

Added to database: 9/23/2025, 3:49:16 AM

Last enriched: 9/23/2025, 4:01:17 AM

Last updated: 9/24/2025, 5:41:50 AM
