# Vulnerability Summary: SQL Injection in Pharmacy Sales and Inventory System

## Vulnerability Overview

* **Affected Product**: Pharmacy Sales and Inventory System Project V1.0
* **Vulnerability Type**: SQL Injection
* **Vulnerable File**: `/ajax.php?action=save_category`
* **Vulnerable Parameter**: `id`
* **Exploitation Conditions**: No authentication or authorization required
* **Root Cause**: The code does not sanitize or validate the user-supplied `id` parameter before using it in a query, so attacker-supplied SQL in that parameter is concatenated into the statement and executed by the database.

## Impact Scope

* Attackers can leverage this vulnerability to gain unauthorized access to the database.
* This may lead to sensitive data leakage, data tampering, system compromise, or even service disruption, posing a severe threat to system security and business continuity.

## Remediation Measures

1. **Use Prepared Statements and Parameter Binding**: Prepared statements separate SQL code from user input data, ensuring that user input is treated strictly as data rather than executable code.
2. **Input Validation and Filtering**: Strictly validate and filter user input data to ensure it conforms to the expected format (for `id`, a plain integer).
3. **Minimize Database User Privileges**: Ensure that the database account used for the connection has only the minimum privileges required for daily operations, avoiding the use of accounts with elevated privileges (e.g., root/admin).
4. **Regular Security Audits**: Conduct regular security audits of code and systems to promptly identify and remediate potential security vulnerabilities.
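The following is an added example, not code from the advisory or from the Pharmacy Sales and Inventory System project. It contrasts the query pattern the root-cause section describes (the `id` value concatenated into the SQL text) with remediations 1 and 2 applied: an allow-list check that `id` is a decimal integer, followed by a parameterized query. It uses an in-memory SQLite table named `category_list` (the project's real schema, table and column names are not on the page and are assumed here) and feeds both handlers the `id` value quoted in the POC below, so the difference in behaviour is visible on the advisory's own input.

```python
import re
import sqlite3


# Constructed in-memory stand-in for the application's category table. The
# real project's schema is not on the page, so the table and column names
# here are assumptions.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE category_list (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO category_list (id, name) VALUES (?, ?)",
        [(1, "Analgesics"), (2, "Antibiotics")],
    )
    conn.commit()
    return conn


# The `id` value from the advisory's POC, used as sample input for both handlers.
POC_ID = ("(SELECT (CASE WHEN (7479=7479) THEN '1' "
          "ELSE (SELECT 5203 UNION SELECT 7749) END))")


def lookup_vulnerable(conn, id_value):
    """The pattern the advisory describes: `id` is concatenated into the query
    text, so any SQL it carries becomes part of the statement and is evaluated
    by the database. Shown only to contrast with the hardened handlers."""
    row = conn.execute(
        f"SELECT name FROM category_list WHERE id = {id_value}"
    ).fetchone()
    return row[0] if row else None


ID_RE = re.compile(r"[0-9]{1,10}")


def validate_id(raw):
    """Remediation 2: allow-list validation. A category id is a plain decimal
    integer; anything else (including the POC subquery) is rejected up front."""
    if not isinstance(raw, str) or not ID_RE.fullmatch(raw):
        raise ValueError("id must be a decimal integer")
    return int(raw)


def lookup_bound(conn, id_value):
    """Remediation 1 on its own: parameter binding. The value travels to the
    engine as data and is never parsed as SQL, so the POC string matches no id."""
    row = conn.execute(
        "SELECT name FROM category_list WHERE id = ?", (id_value,)
    ).fetchone()
    return row[0] if row else None


def save_category_hardened(conn, raw_id, name):
    """Both remediations together, as a save_category handler should apply them:
    validate first, then bind. Returns the number of rows updated."""
    cat_id = validate_id(raw_id)
    cur = conn.execute(
        "UPDATE category_list SET name = ? WHERE id = ?", (name, cat_id)
    )
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, POC id :", lookup_vulnerable(db, POC_ID))  # subquery is executed
    print("bound, POC id      :", lookup_bound(db, POC_ID))       # treated as data, no row
    print("hardened, id '2'   :", save_category_hardened(db, "2", "Antivirals"))
    try:
        save_category_hardened(db, POC_ID, "x")
    except ValueError as err:
        print("hardened, POC id   : rejected ->", err)
```

Validation and binding are deliberately separate steps: binding alone already stops the injection, while the integer check additionally turns malformed input into a logged, rejected request instead of a silent no-op, which is the signal a monitoring rule on `save_category` would want to see.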
## POC Code

```text
Parameter: id (POST)
    Type: boolean-based blind
    Title: Boolean-based blind - Parameter replace (original value)
    Payload: -----------------3738858121816587200387936454
Content-Disposition: form-data; name="id"

(SELECT (CASE WHEN (7479=7479) THEN '1' ELSE (SELECT 5203 UNION SELECT 7749) END))
-----------------3738858121816587200387936454
Content-Disposition: form-data; name="name"

1111
-----------------3738858121816587200387936454--
```