إرسال #425283: code-projects Pharmacy Management System 1.0 SQL Injectionالمعلومات

عنوانcode-projects Pharmacy Management System 1.0 SQL Injection
الوصفA critical SQL injection vulnerability was identified in the Pharmacy Management System version 1.0, specifically in the supplier validation functionality when checking if a supplier is active (is_active). This flaw arises from improper sanitization of the name parameter, which is sent via a GET request to the endpoint /php/add_new_purchase.php?action=is_supplier. An attacker can exploit this flaw to inject and execute arbitrary SQL commands, compromising the security and integrity of the system's database. This vulnerability poses a significant risk, as it can expose sensitive supplier information and disrupt operations by manipulating purchase flows. With no available patch, this flaw remains critical, requiring immediate attention to prevent data leaks, unauthorized access, or operational disruptions.
المصدر⚠️ https://gist.github.com/higordiego/26694ace59cbc1e1f8366bef96953569
المستخدم
 c4ttr4ck (UID 75518)
ارسال16/10/2024 11:36 PM (2 سنوات منذ)
الاعتدال18/10/2024 06:21 PM (2 days later)
الحالةتمت الموافقة
إدخال VulDB280926 [code-projects Pharmacy Management System 1.0 add_new_purchase.php?action=is_supplier الأسم حقن SQL]
النقاط20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!