| Title | SourceCodester/oretnom23 Stock Management System (SMS-PHP by oretnom23) 1.0 SQL Injection |
|---|
| Description | A SQL injection vulnerability was found in the Back Order page of the Stock Management System `(/sms/admin/?page=back_order/view_bo&id=4`. This vulnerability allows an attacker to inject arbitrary SQL queries through the `id` parameter. Specifically, it is possible to extract sensitive data from the `users` table, including usernames and MD5 hashed passwords, by exploiting the vulnerability with a UNION-based SQL injection payload. |
|---|
| Source | ⚠️ https://github.com/th3w0lf-1337/Vulnerabilities/blob/main/SMS-PHP/SQLi/Back-Order/info.md |
|---|
| User | Th3W0lf (UID 84351) |
|---|
| Submission | 05/06/2025 15:58 (1 Year ago) |
|---|
| Moderation | 05/16/2025 09:05 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 309260 [SourceCodester/oretnom23 Stock Management System 1.0 view_bo ID sql injection] |
|---|
| Points | 20 |
|---|