| शीर्षक | SourceCodester Web-based Pharmacy Product Management System V1.0 SQL Injection |
|---|
| विवरण | The Web-based Pharmacy Product Management System using PHP and MySQL Database application does not properly validate or sanitize user input for the id parameter. This results in a confirmed SQL Injection vulnerability. An authenticated remote attacker can construct and execute malicious SQL statements through the affected endpoint and backend SQL sink.
The finding was validated through automated testing with sqlmap in the local environment. sqlmap successfully identified the vulnerable parameter, confirmed injectable payload classes, and produced usable confirmation output such as DBMS identification, database enumeration, table enumeration, or dump artifacts. |
|---|
| स्रोत | ⚠️ https://github.com/mjh134/CVE/issues/1 |
|---|
| उपयोगकर्ता | mjh_123 (UID 92618) |
|---|
| सबमिशन | 18/04/2026 05:01 PM (2 महीनों पहले) |
|---|
| संयम | 03/05/2026 07:19 PM (15 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 360921 [SourceCodester Web-based Pharmacy Product Management System 1.0 edit-admin.php पहचान SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|