| Field | Value |
|---|---|
| Title | code-projects Pharmacy Management System 1.0 SQL Injection |
| Description | A **critical SQL injection vulnerability** has been identified in the **Pharmacy Management System** version 1.0, specifically in the **invoice creation process**. The issue lies in how the system retrieves the list of medicines matching a search query passed through the `text` parameter. The input is not sanitized, allowing an attacker to inject and execute arbitrary SQL commands. When a new invoice is created, the system queries the medicine database with the `text` parameter to display matching results; because that value is never validated, the query is vulnerable to SQL injection. Exploiting this flaw could allow unauthorized access to sensitive data, such as medicine inventory details, and even manipulation or deletion of records. The vulnerability is rated **critical** because it compromises both the availability and the integrity of the system. Immediate remediation is needed to avoid disruption of pharmacy operations and data breaches. |
| Source | https://gist.github.com/higordiego/be616d2853a9f1820d8558fc00e97e24 |
| User | c4ttr4ck (UID 75518) |
| Submission | 19/10/2024 17h59 (1 year ago) |
| Moderation | 20/10/2024 20h49 (1 day later) |
| Status | Accepted |
| VulDB Entry | 281021 [code-projects Pharmacy Management System 1.0 /add_new_invoice.php text SQL Injection] |
| Points | 20 |