This vulnerability affects SourceCodester Pet Grooming Management Software 1.0, specifically in the /admin/update_customer.php script. Improper validation of input parameters leads to SQL injection, enabling remote attackers to manipulate database queries. The CVSS 4.0 score is 5.3 (medium), reflecting network attack vector, low complexity, no privileges required, no user interaction, and low to limited impact on confidentiality, integrity, and availability. No official patch or vendor remediation level has been published as of now.

Successful exploitation could allow an attacker to execute arbitrary SQL commands on the backend database remotely. This may lead to unauthorized data access or modification depending on the database privileges. The impact is rated medium due to limited scope and complexity, and no confirmed exploitation in the wild has been reported yet.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider restricting access to the affected admin functionality, applying web application firewalls to detect and block SQL injection attempts, and reviewing input validation controls. Monitor vendor channels for updates and patches.