Gửi #768047: SourceCodester Inventory System 1.0 SQL Injectionthông tin

tiêu đềSourceCodester Inventory System 1.0 SQL Injection
Mô tảA SQL injection vulnerability exists in SourceCodester Inventory System 1.0. The issue is located in the file purchase_invoice.php. Manipulation of the GET parameter 'purchaseid' leads to UNION-based, boolean-based, or time-based SQL injection. An authenticated attacker can exploit this to retrieve sensitive information directly from the database.
Nguồn⚠️ https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-PurchaseInvoice-purchaseid.md
Người dùng
 Anonymous User
Đệ trình26/02/2026 07:22 (cách đây 5 các tháng)
Kiểm duyệt08/03/2026 08:24 (10 days later)
Trạng tháiđược chấp nhận
Mục VulDB349759 [SourceCodester Sales and Inventory System 1.0 GET Parameter purchase_invoice.php purchaseid Tiêm SQL]
điểm19

Want to know what is going to be exploited?

We predict KEV entries!