| Field | Value |
|---|---|
| Title | SourceCodester Sales and Inventory System 1.0 SQL Injection |
| Description | A SQL injection vulnerability was found in SourceCodester Sales and Inventory System 1.0. The affected component is view_category.php. The application passes the searchtxt parameter of the HTTP POST request used by the category search directly into a database query without sanitizing or parameterizing it, so an authenticated attacker can inject and execute arbitrary SQL. Because the backend DBMS is MySQL, the flaw can be exploited with UNION-based, Boolean-based blind and time-based blind techniques, allowing an attacker to enumerate the database structure and exfiltrate its contents. |
| Source | ⚠️ https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-ViewCategory-searchtxt.md |
| User | Anonymous User |
| Submission | 08/03/2026 03:10 PM (2 months ago) |
| Moderation | 22/03/2026 09:42 AM (14 days later) |
| Status | Accepted |
| VulDB Entry | 352406 [SourceCodester Sales and Inventory System 1.0 HTTP POST Request /view_category.php searchtxt SQL Injection] |
| Points | 20 |
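The flaw described in the entry, shown as an added PHP illustration that is not the project's source code: the vulnerable pattern the description implies (the POSTed searchtxt value concatenated into a MySQL query) next to a hardened handler that binds the value with a prepared statement. The table name `category`, the column names, the `mysqli` connection details, the exact shape of the query and the column count in the UNION payload are all assumptions for illustration; the real view_category.php may differ in every one of them.

```php
<?php
// Added example, not the project's code. Assumed schema: table `category`
// with columns id, name, description. Assumed DB handle: a mysqli object.

/**
 * VULNERABLE (assumed shape of the flaw): the raw POST value is spliced into
 * the SQL text, so the DBMS parses attacker-supplied characters as SQL.
 */
function search_category_vulnerable(mysqli $conn, string $searchtxt): array
{
    $sql = "SELECT id, name, description FROM category "
         . "WHERE name LIKE '%" . $searchtxt . "%'";
    // Illustrative payloads for the three techniques named in the entry
    // (column count "1,2,3" is an assumption about the query, not a fact):
    //   UNION-based:    %' UNION SELECT 1,@@version,3-- -
    //   Boolean blind:  %' AND 1=1-- -   versus   %' AND 1=2-- -
    //   Time-based:     %' AND SLEEP(5)-- -
    $result = $conn->query($sql);
    return $result instanceof mysqli_result ? $result->fetch_all(MYSQLI_ASSOC) : [];
}

/**
 * HARDENED: the search term is bound as a parameter, so it can only ever be
 * the string compared by LIKE, never part of the statement. LIKE wildcards
 * in the user's input are escaped too, so "%" or "_" cannot turn the search
 * into a match-everything query (MySQL's default LIKE escape is backslash).
 */
function search_category_hardened(mysqli $conn, string $searchtxt): array
{
    $stmt = $conn->prepare(
        "SELECT id, name, description FROM category WHERE name LIKE ?"
    );
    $pattern = '%' . addcslashes($searchtxt, '%_\\') . '%';
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Minimal request handler using the hardened version. Connection parameters
// are placeholders for this illustration.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['searchtxt'])) {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $conn = new mysqli('localhost', 'app_user', 'app_password', 'inventory');
    header('Content-Type: application/json');
    echo json_encode(search_category_hardened($conn, (string) $_POST['searchtxt']));
}
```

Two practitioner notes on the fix: `mysqli_real_escape_string()` is not a substitute for binding, since it only escapes quotes and leaves numeric or LIKE contexts exposed, and the same concatenation pattern should be searched for in every other handler of the application, because a fix limited to view_category.php only closes the one endpoint named in this entry.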