Submit #553624: Sourcecodester Web-based Pharmacy Product Management System v1.0 SQL Injection

Title: Sourcecodester Web-based Pharmacy Product Management System v1.0 SQL Injection
Description:

**Vulnerability Summary: SQL Injection in Pharmacy Management System (v1.0)**

**Critical Security Advisory**

**Affected System:** Web-based Pharmacy Product Management System (Version ≤1.0)
**Vulnerability Type:** SQL Injection (CWE-89)
**Severity Level:** CRITICAL (CVSS: 9.1)
**Discovered By:** yaklang.io, IRify, Yakit

**Core Vulnerability:** Multiple endpoints (including edit-product.php and edit-admin.php) concatenate unsanitized user input directly into SQL query strings, enabling full database compromise through:

1. **Direct Injection Points:**
   - Session email parameter (`$_SESSION['login_email']`)
   - Product ID parameter (`$_GET['id']`)
2. **Exploitation Vectors:**
   - Authentication bypass via `' OR '1'='1` payloads
   - Full database enumeration through UNION-based attacks
   - Privilege escalation via session manipulation

**Technical Impact:**
- Complete database disclosure (including PHI/PII)
- Administrative privilege acquisition
- Persistent backdoor installation
- Supply chain contamination risk

**Proof of Concept:**

```
/edit-product.php?id=' UNION SELECT 1,2,3,4,5,6,7,CONCAT(user(),0x3a,database())-- -
```

*The UNION only succeeds when its column count matches that of the original `SELECT * FROM tblproduct` query (eight columns here). The injected eighth column is rendered in the product image field and discloses the MySQL account name (`user()`) and the current database name (`database()`) separated by a colon; these are identifiers, not credentials, but they confirm the injection and serve as the starting point for enumerating `information_schema` and the remaining tables.*

**Immediate Mitigations:**

1. **Code-Level Fixes:**
   - Implement PDO prepared statements so the ID is bound as data rather than spliced into the query:

     ```php
     // Placeholder instead of string concatenation; $id never becomes SQL syntax
     $stmt = $dbh->prepare("SELECT * FROM tblproduct WHERE ID = ?");
     $stmt->execute([$id]);
     $product = $stmt->fetch(PDO::FETCH_ASSOC);
     ```
2. **System Hardening:**
   - Apply the principle of least privilege to DB accounts (the web application account should not need `FILE`, `SUPER` or write access to `mysql.*`)
   - Implement query whitelisting
   - Deploy RASP (Runtime Application Self-Protection)

**Long-Term Recommendations:**
- Migrate to an ORM framework (Eloquent/Doctrine)
- Implement continuous DAST scanning
- Enforce parameterized queries organization-wide

**Compliance Implications:** This vulnerability constitutes a HIPAA violation risk due to potential PHI exposure. Immediate patching is required for regulatory compliance.

**Disclosure Timeline:**
- 0-Day → Vendor notified
- 7 Days → Public disclosure (if unpatched)

**References:**
- OWASP Top 10 2021: A03 Injection
- NIST SP 800-115: Technical Guide to Information Security Testing and Assessment
- HIPAA Security Rule §164.308(a)(5)

This vulnerability enables complete system compromise and requires emergency remediation. Organizations should assume breach and conduct forensic audits if exposed.
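The injection pattern the advisory describes, reproduced as an added example in Python against an in-memory SQLite database (this is not code from the submission, from IRify, or from the vendor's application). It assumes a constructed eight-column `tblproduct` so that the `1,2,3,4,5,6,7,<expr>` UNION lines up with `SELECT *`, and it substitutes `sqlite_version()` for the MySQL-only `user()`/`database()` in the payload. The vulnerable function mirrors the string concatenation in edit-product.php; the safe function mirrors the PDO placeholder fix.

```python
"""Added example: UNION-based SQLi through an `id` parameter, vulnerable vs. parameterized.

Assumptions (not from the original submission): the tblproduct schema below is
constructed, and the MySQL payload is adapted to SQLite by replacing
CONCAT(user(),0x3a,database()) with sqlite_version().
"""
import sqlite3

# Constructed schema: eight columns, the last being the product image that the
# PoC reads the injected value from.
SCHEMA = """
CREATE TABLE tblproduct (
    ID INTEGER PRIMARY KEY,
    ProductName TEXT,
    Category TEXT,
    Price REAL,
    Quantity INTEGER,
    Description TEXT,
    Supplier TEXT,
    ProductImage TEXT
);
INSERT INTO tblproduct VALUES
    (1, 'Paracetamol', 'Analgesic', 2.5, 100, 'Tablets', 'ACME', 'paracetamol.png'),
    (2, 'Ibuprofen',   'Analgesic', 3.0,  50, 'Tablets', 'ACME', 'ibuprofen.png');
"""

# SQLite adaptation of the advisory's payload; seven filler columns plus one
# attacker-chosen expression match the eight columns of SELECT *.
PAYLOAD = "' UNION SELECT 1,2,3,4,5,6,7,sqlite_version()-- -"


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def fetch_product_vulnerable(conn: sqlite3.Connection, product_id: str) -> list:
    """Flawed pattern: the request parameter is spliced straight into the SQL text."""
    sql = "SELECT * FROM tblproduct WHERE ID = '" + product_id + "'"
    return conn.execute(sql).fetchall()


def fetch_product_safe(conn: sqlite3.Connection, product_id: str) -> list:
    """Fixed pattern: placeholder plus bound parameter, the input never becomes SQL."""
    sql = "SELECT * FROM tblproduct WHERE ID = ?"
    return conn.execute(sql, (product_id,)).fetchall()


def image_field(rows: list) -> list:
    """What the edit page would render in the product image column (last column)."""
    return [row[-1] for row in rows]


def demo() -> dict:
    """Run both code paths with a normal id and with the payload; return the outcomes."""
    conn = open_db()
    leaked = image_field(fetch_product_vulnerable(conn, PAYLOAD))
    return {
        "vulnerable_normal": image_field(fetch_product_vulnerable(conn, "1")),
        # With the payload, the WHERE clause matches nothing and the UNION row
        # carries the attacker's expression into the image field.
        "vulnerable_payload": leaked,
        "leak_is_sqlite_version": leaked == [sqlite3.sqlite_version],
        # The bound parameter is compared as a literal string, so no row matches.
        "safe_payload": fetch_product_safe(conn, PAYLOAD),
        "safe_normal": image_field(fetch_product_safe(conn, "1")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same payload that leaks the engine version through the concatenated query returns an empty result set through the parameterized one, which is the behavioural check worth adding to a regression test after patching edit-product.php.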
Source: https://github.com/yaklang/IRifyScanResult/blob/main/Web-based%20Pharmacy%20Product%20Management%20System/sql_inject_in_edit.md
User: lingze (UID 83608)
Submission: 04/08/2025 16:28 (1 Year ago)
Moderation: 04/16/2025 03:48 (7 days later)
Status: Accepted
VulDB entry: 304985 [SourceCodester Web-based Pharmacy Product Management System 1.0 /edit-product.php ID sql injection]
Points: 20