| tiêu đề | code-projects Pharmacy Management System 1.0 SQL Injection |
|---|
| Mô tả | A critical SQL injection vulnerability was identified in the **Pharmacy Management System** version 1.0, specifically in the **add medicine functionality**. This flaw occurs when user input for parameters such as `name`, `packing`, `generic_name`, and `suppliers_name` is improperly sanitized during the medicine addition process. An attacker can manipulate these inputs to inject and execute arbitrary SQL commands, compromising the system’s database security and integrity.
This vulnerability puts the system at significant risk, as it can expose sensitive information such as supplier details and disrupt key pharmaceutical operations. Since no patch is currently available, this issue poses a critical threat and requires immediate mitigation to prevent data breaches and potential system compromise. |
|---|
| Nguồn | ⚠️ https://gist.github.com/higordiego/01a35a20a4e20e937d384b677c000921 |
|---|
| Người dùng | c4ttr4ck (UID 75518) |
|---|
| Đệ trình | 16/10/2024 01:42 (cách đây 2 những năm) |
|---|
| Kiểm duyệt | 16/10/2024 08:05 (6 hours later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 280558 [code-projects Pharmacy Management System 1.0 add_new_medicine.php name/packing/generic_name/suppliers_name Tiêm SQL] |
|---|
| điểm | 20 |
|---|