| Title | haxxorsid stock-management-system 1.0 SQL Injection |
|---|
| Description | haxxorsid/stock-management-system uses string concatenation to construct SQL statements to query data, but does not filter all the variables involved in concatenation, resulting in unauthorized users can inject malicious SQL statements to query sensitive data or perform malicious database operations. |
|---|
| Source | ⚠️ https://github.com/ixpqxi/CVE_LIST/blob/master/stock_management_system/sql_injection_vulnerability.md |
|---|
| User | ixpqxi (UID 83247) |
|---|
| Submission | 12/01/2025 04:00 (6 months ago) |
|---|
| Moderation | 12/12/2025 12:14 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 336192 [haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0 model/User.php employee_id/id/admin sql injection] |
|---|
| Points | 17 |
|---|