CVE-2024-10138

code-projects Pharmacy Management System add_new_purchase.php sql injection

CVSS 5.3 MEDIUMEPSS 0.5%CWE-89

A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. Affected is an unknown function of the file /add_new_purchase.php?action=is_supplier. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Productos afectados

code-projects · Pharmacy Management System

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://code-projects.org/https://gist.github.com/higordiego/26694ace59cbc1e1f8366bef96953569 https://vuldb.com/?ctiid.280926 https://vuldb.com/?id.280926 https://vuldb.com/?submit.425283