Submit #553624: Sourcecodester Web-based Pharmacy Product Management System v1.0 SQL Injection

Title: Sourcecodester Web-based Pharmacy Product Management System v1.0 SQL Injection
Description:

**Vulnerability Summary: SQL Injection in Pharmacy Management System (v1.0)**

**Critical Security Advisory**

- **Affected System:** Web-based Pharmacy Product Management System (version ≤ 1.0)
- **Vulnerability Type:** SQL Injection (CWE-89)
- **Severity Level:** CRITICAL (CVSS 9.1, as rated by the submitter)
- **Discovered By:** yaklang.io, IRify, Yakit

**Core Vulnerability:** Multiple endpoints (including `edit-product.php` and `edit-admin.php`) concatenate unsanitized user input directly into SQL query strings, enabling full database compromise through:

1. **Direct Injection Points:**
   - Session email parameter (`$_SESSION['login_email']`)
   - Product ID parameter (`$_GET['id']`)
2. **Exploitation Vectors:**
   - Authentication bypass via `' OR '1'='1` payloads
   - Full database enumeration through UNION-based attacks
   - Privilege escalation via session manipulation

**Technical Impact:**
- Complete database disclosure (including PHI/PII)
- Administrative privilege acquisition
- Persistent backdoor installation
- Supply chain contamination risk

**Proof of Concept:**

```text
/edit-product.php?id=' UNION SELECT 1,2,3,4,5,6,7,CONCAT(user(),0x3a,database())-- -
```

*The injected eighth column is rendered in the product image field, so the response leaks the MySQL account name and current schema (`user():database()`). This confirms the injection point and the column count; `user()` and `database()` return names, not passwords.*

**Immediate Mitigations:**

1. **Code-Level Fixes:** replace string concatenation with PDO prepared statements:

   ```php
   // The bound parameter is sent as data; it is never parsed as part of the SQL text.
   $stmt = $dbh->prepare("SELECT * FROM tblproduct WHERE ID = ?");
   $stmt->execute([$_GET['id'] ?? '']);
   $product = $stmt->fetch(PDO::FETCH_ASSOC);
   ```

2. **System Hardening:**
   - Apply the principle of least privilege to the application's database account
   - Validate `id` against an allowlist (cast to integer, reject anything else) before it reaches the query
   - Deploy RASP (Runtime Application Self-Protection)

**Long-Term Recommendations:**
- Migrate to an ORM framework (Eloquent/Doctrine)
- Implement continuous DAST scanning
- Enforce parameterized queries organization-wide

**Compliance Implications:** This vulnerability constitutes a HIPAA violation risk due to potential PHI exposure. Immediate patching is required for regulatory compliance.

**Disclosure Timeline:**
- Day 0: vendor notified
- Day 7: public disclosure (if unpatched)

**References:**
- OWASP Top 10 2021: A03:2021 Injection
- NIST SP 800-115: Technical Guide to Information Security Testing and Assessment
- HIPAA Security Rule §164.308(a)(5)

This vulnerability enables complete system compromise and requires emergency remediation. Organizations that exposed the application should assume breach and conduct a forensic audit.
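The two injection patterns the advisory names (UNION on the `id` parameter, `' OR '1'='1` on the login query), shown as an added example that is not part of this submission or of the SourceCodester code: a self-contained Python/SQLite stand-in for the PHP/MySQL queries, run once with the input concatenated into the SQL string and once with it bound. The table and column names are constructed for the demo, and `sqlite_version()` stands in for the MySQL-only `CONCAT(user(),0x3a,database())`, since SQLite has no `user()` or `database()` function.

```python
"""Added example, not part of the VulDB submission or the SourceCodester
project: a SQLite stand-in for the flawed edit-product.php / login queries.

Assumptions (not from the advisory): the table and column names below are
constructed for the demo, the stored password is compared as a plain value
for simplicity, and the MySQL-only CONCAT(user(),0x3a,database()) in the
proof of concept is replaced by sqlite_version(). Everything else mirrors
the pattern the advisory describes: user input spliced into the SQL string
versus passed as a bound parameter.
"""
import sqlite3

# Constructed sample schema: tblproduct has eight columns so that the
# advisory's eight-column UNION lines up, with the image column last.
SCHEMA = """
CREATE TABLE tblproduct (
    ID INTEGER PRIMARY KEY, ProductName TEXT, Category TEXT, Description TEXT,
    Price REAL, Quantity INTEGER, Expiry TEXT, ProductImage TEXT
);
INSERT INTO tblproduct VALUES
    (1, 'Paracetamol', 'Analgesic', '500 mg', 2.5, 100, '2026-01-01', 'para.png'),
    (2, 'Ibuprofen', 'NSAID', '200 mg', 3.0, 50, '2026-06-01', 'ibu.png');
CREATE TABLE tbladmin (ID INTEGER PRIMARY KEY, Email TEXT, Password TEXT);
INSERT INTO tbladmin VALUES (1, 'admin@example.com', 'constructed-secret');
"""

# The advisory's UNION payload, with the MySQL function swapped (see above).
UNION_PAYLOAD = "' UNION SELECT 1,2,3,4,5,6,7,sqlite_version()-- -"
# The advisory's authentication-bypass payload, supplied in both login fields.
BYPASS_PAYLOAD = "' OR '1'='1"


def fresh_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_lookup(conn, product_id: str) -> list:
    """The flawed pattern: $_GET['id'] spliced into the SQL text."""
    sql = "SELECT * FROM tblproduct WHERE ID='" + product_id + "'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn, product_id) -> list:
    """Bound parameter: the input is shipped as data, never parsed as SQL."""
    return conn.execute("SELECT * FROM tblproduct WHERE ID = ?", (product_id,)).fetchall()


def strict_lookup(conn, product_id: str) -> list:
    """Defence in depth: allowlist the value (positive integer only) before
    it reaches the database, then still bind it."""
    if not product_id.isdigit():
        raise ValueError("id must be a positive integer")
    return safe_lookup(conn, int(product_id))


def vulnerable_login(conn, email: str, password: str) -> bool:
    """Same flaw on the login query. With ' OR '1'='1 in both fields the
    WHERE clause becomes Email='' OR ('1'='1' AND Password='') OR '1'='1',
    which is unconditionally true."""
    sql = ("SELECT ID FROM tbladmin WHERE Email='" + email
           + "' AND Password='" + password + "'")
    return conn.execute(sql).fetchone() is not None


def safe_login(conn, email: str, password: str) -> bool:
    """Bound parameters: the payload is just an e-mail address that matches nothing."""
    sql = "SELECT ID FROM tbladmin WHERE Email = ? AND Password = ?"
    return conn.execute(sql, (email, password)).fetchone() is not None


def leaked_via_union() -> str:
    """What the attacker reads back in the product-image column."""
    return vulnerable_lookup(fresh_db(), UNION_PAYLOAD)[0][7]


def safe_rows_for_payload() -> int:
    return len(safe_lookup(fresh_db(), UNION_PAYLOAD))


def strict_rejects(product_id: str) -> bool:
    try:
        strict_lookup(fresh_db(), product_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("union via concatenation :", vulnerable_lookup(fresh_db(), UNION_PAYLOAD))
    print("union via bound param   :", safe_lookup(fresh_db(), UNION_PAYLOAD))
    print("strict rejects payload  :", strict_rejects(UNION_PAYLOAD))
    print("bypass via concatenation:", vulnerable_login(fresh_db(), BYPASS_PAYLOAD, BYPASS_PAYLOAD))
    print("bypass via bound params :", safe_login(fresh_db(), BYPASS_PAYLOAD, BYPASS_PAYLOAD))
```

Run it directly to see the UNION row land in the image column while the bound query returns nothing; `strict_lookup` is the allowlist step from the mitigations, applied before the value reaches the driver at all, so a malformed `id` never becomes a query in the first place.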
Source: https://github.com/yaklang/IRifyScanResult/blob/main/Web-based%20Pharmacy%20Product%20Management%20System/sql_inject_in_edit.md
User: lingze (UID 83608)
Submitted: 08.04.2025 16:28 (1 year ago)
Moderated: 16.04.2025 03:48 (7 days later)
Status: Accepted
VulDB Entry: 304985 [SourceCodester Web-based Pharmacy Product Management System 1.0 /edit-product.php ID SQL Injection]
Points: 20
