| Title | Pharmacy-management-system commit a2efc84 SQL Injection |
|---|
| Description | The parameters `med_name`, `med_cat`, and `ex_date` in quantity_upd.php are not sanitized and are directly used in a database query via `mysqli_query`, resulting in a time-based blind SQL injection vulnerability |
|---|
| Source | ⚠️ https://github.com/horytick/CVE/blob/main/SQL%20Injection%20Vulnerability%20in%20Pharmacy%20Management%20System.md |
|---|
| User | moss_mo (UID 47882) |
|---|
| Submission | 07/01/2025 20:13 (10 months ago) |
|---|
| Moderation | 07/07/2025 10:53 (6 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 315138 [krishna9772 Pharmacy Management System up to a2efc8442931ec9308f3b4cf4778e5701153f4e5 quantity_upd.php med_name/med_cat/ex_date sql injection] |
|---|
| Points | 17 |
|---|