SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file.
The vulnerability occurs in the 'id' parameter passed to the manage_bo.php file, which is not properly validated or sanitized before being used in an SQL query. An attacker can inject malicious SQL code over the network without needing any permissions or user interaction. Through a properly crafted SQL payload, it is possible to execute arbitrary code on the server (RCE).
An attacker can gain full control over the database and execute arbitrary code on the server, leading to violations of confidentiality, integrity, and availability of the entire system. Data theft, modification, or complete destruction is possible.
Patches available from the manufacturer should be applied in accordance with references. As a temporary measure, it is recommended to restrict network access to the application, implement firewall rules, and deploy a Web Application Firewall (WAF) blocking typical SQL Injection patterns.
Stock Management System version 1.0 (Stock Management System Project).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HStock Management System Project Stock Management System
APPStock Management System Project1.0
Related vulnerabilities
SQL Injection w Sourcecodester Stock Management System v1.0
A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to...
A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue...
A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management Sys...
A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnera...