| Title | SourceCodester Stock Management System in PHP V1.0 SQL |
|---|
| Description | During a security review of the "Stock Management System", Wang Haojian discovered a critical SQL injection vulnerability in the createBrand.php file. The vulnerability stems from inadequate validation of the user-supplied brandName parameter, allowing attackers to inject malicious SQL. As a result, attackers can gain unauthorized access to the database, modify or delete data, and read sensitive information. Immediate remediation is required to secure the system and protect data integrity.
The SQL injection was found in the createBrand.php file of the "Stock Management System" project. The root cause is that the user-controlled 'brandName' value is read with `$brandName = $_POST['brandName'];` and used directly in an SQL query without any sanitization or validation. This allows attackers to craft input values that alter the SQL query and perform unauthorized operations. |
|---|
| Source | https://github.com/HaojianWang/cve/issues/1 |
|---|
| User | Wang Haojian (UID 69660) |
|---|
| Submission | 05/28/2024 06:57 (2 years ago) |
|---|
| Moderation | 05/30/2024 08:14 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 266586 [SourceCodester Stock Management System 1.0 createBrand.php brandName sql injection] |
|---|
| Points | 20 |
|---|
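The pattern the report describes, shown beside its remediation. This is an added illustration, not code from the SourceCodester project or from the submitter: the page only quotes the assignment `$brandName = $_POST['brandName'];`, so the INSERT statement, the `brands` table and the `brand_name` column below are assumed for illustration.

```php
<?php
// Added illustration, not the project's own code. The page quotes only
// `$brandName = $_POST['brandName'];`; the INSERT statement, table and
// column names are assumed.

// --- Vulnerable pattern described in the report ---
function createBrandVulnerable(mysqli $db, array $post): bool
{
    $brandName = $post['brandName'];                      // untrusted input
    // String interpolation: the submitted value becomes part of the SQL
    // statement text, so a quote character ends the string literal and
    // whatever follows is parsed as SQL.
    $sql = "INSERT INTO brands (brand_name) VALUES ('$brandName')"; // assumed query
    return $db->query($sql) === true;
}

// --- Hardened version: parameterised query ---
function createBrandSafe(mysqli $db, array $post): bool
{
    $brandName = trim((string) ($post['brandName'] ?? ''));

    // Length/emptiness validation is defence in depth. The prepared statement
    // is what actually prevents injection: the value is sent to the server
    // separately from the statement text and is never parsed as SQL.
    if ($brandName === '' || mb_strlen($brandName) > 100) {
        return false;
    }

    $stmt = $db->prepare('INSERT INTO brands (brand_name) VALUES (?)'); // assumed query
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $brandName);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Quick check during review (connection parameters are placeholders):
// $db = new mysqli('localhost', 'user', 'pass', 'stock_db');
// createBrandSafe($db, ['brandName' => "O'Reilly"]);
```

A simple way to confirm which version a deployment runs is to submit a brand name containing a single quote such as `O'Reilly`: the vulnerable code fails with a SQL syntax error (or, with a crafted suffix, executes the injected statement), while the prepared-statement version stores the name literally. Escaping with `mysqli_real_escape_string` would also stop this particular string-context injection, but it is easy to forget at one call site and does nothing for values used outside a quoted string, which is why prepared statements are the preferred fix.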