CVE-2024-10138

code-projects Pharmacy Management System add_new_purchase.php sql injection

CVSS 5.3 MEDIUMEPSS 0.5%CWE-89

A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. Affected is an unknown function of the file /add_new_purchase.php?action=is_supplier. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Produtos afetados

code-projects · Pharmacy Management System

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://code-projects.org/https://gist.github.com/higordiego/26694ace59cbc1e1f8366bef96953569 https://vuldb.com/?ctiid.280926 https://vuldb.com/?id.280926 https://vuldb.com/?submit.425283