| Title | code-projects Pharmacy Management System 1.0 SQL Injection |
|---|
| Description | A critical SQL injection vulnerability was identified in the **Pharmacy Management System** version 1.0, specifically in the **Manager Purchase search functionality**. The flaw is triggered through the `text` parameter sent via a **GET** request to the endpoint `/php/manage_purchase.php?action=search&text=3213&tag=VOUCHER_NUMBER`. Attackers can manipulate the `text` input to execute arbitrary SQL commands, compromising the database's integrity and security. |
|---|
| Source | ⚠️ https://gist.github.com/higordiego/439f2af836c2c7d6075ba9de2e1169da |
|---|
| User | c4ttr4ck (UID 75518) |
|---|
| Submission | 10/15/2024 23:13 (2 years ago) |
|---|
| Moderation | 10/16/2024 08:05 (9 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 280556 [code-projects Pharmacy Management System 1.0 text sql injection] |
|---|
| Points | 20 |
|---|