| Title | code-projects Web-Based Inventory and POS System 1.0 SQL Injection |
|---|
| Description | SQL injection allows attackers to read, modify or delete sensitive data, bypass authentication, execute system commands and cause data breaches that result in legal and financial damage.
In the transaction.php file of pos-system, the shopid parameters are obtained, and the SQL statement is concatenated to the SQL statement without filtering the execution, resulting in SQL injection vulnerabilities and server permissions |
|---|
| Source | ⚠️ https://github.com/asd1238525/cve/blob/main/SQL7.md |
|---|
| User | LT202108729 (UID 90406) |
|---|
| Submission | 10/01/2025 10:17 (9 months ago) |
|---|
| Moderation | 10/07/2025 14:57 (6 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 327368 [code-projects Web-Based Inventory and POS System 1.0 /transaction.php shopid sql injection] |
|---|
| Points | 20 |
|---|