vendor:
Pharmacy Point of Sale System
by:
Janik Wehrli
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Pharmacy Point of Sale System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:pharmacy_point_of_sale_system
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Kali Linux, Windows 10
2021
Pharmacy Point of Sale System 1.0 – SQLi Authentication Bypass
Pharmacy Point of Sale System v1.0 Login can be bypassed with a simple SQLi. An attacker can send a specially crafted HTTP POST request with a username and password parameter containing a SQL injection payload. This payload will bypass the authentication and allow the attacker to gain access to the system.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
