# Vulnerability Summary

## Overview

- **Vulnerability ID**: #800975
- **Title**: SQL Injection in sourcecodester Pharmacy Sales and Inventory System V1.0
- **Type**: SQL Injection
- **Source**: [GitHub Issue](https://github.com/foneyuan/vunls/issues/11)
- **Reporter**: christchen11 (UID 82088)
- **Submission Time**: 2026/08/09 01:32 PM
- **Review Time**: 2026/08/26 09:16 PM
- **Status**: Reviewed (Moderation: green)
- **VulDB Entry**: [VulDB Entry](https://vuldb.com/?id.229745)

## Impact Scope

- **Affected System**: Pharmacy Sales and Inventory System V1.0
- **Affected File**: `ajax.php?action=delete_category`
- **Vulnerable Parameter**: `id`
- **Root Cause**: The user-supplied `id` parameter is not validated before it is placed into a SQL statement, so an attacker can inject arbitrary SQL.
- **Potential Impact**:
  - Unauthorized access to the database
  - Modification or deletion of data
  - Exposure of sensitive information

## Remediation

- **Recommended Actions**: Immediate remediation measures are required to ensure system security and protect data.
- **Specific Recommendations**:
  - Perform strict validation and filtering of user inputs.
  - Use parameterized queries or prepared statements to prevent SQL injection.
  - Regularly update and maintain the system to ensure all known vulnerabilities are patched.

## POC Code

```php
<?php
// Example code (hypothetical)
// The original code may have the following issues:
$id = $_GET['id'];                                  // raw request value, no validation
$query = "DELETE FROM categories WHERE id = $id";   // value concatenated into the SQL string
mysqli_query($conn, $query);

// Example of patched code:
$id = $_GET['id'];
$stmt = $conn->prepare("DELETE FROM categories WHERE id = ?");  // placeholder instead of interpolation
$stmt->bind_param("i", $id);                                     // bound as an integer, never as SQL text
$stmt->execute();
$stmt->close();
```
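The two remediation points above (strict input validation and parameterized queries) can be demonstrated side by side against the page's vulnerable pattern. The following is an added example written for this summary, not code from the Pharmacy Sales and Inventory System; it uses an in-memory SQLite table whose layout (`id`, `name`) and rows are constructed here, and the function names are assumptions. `delete_category_unsafe` reproduces the concatenation defect described in the advisory so its effect on the table can be measured, while `delete_category_safe` applies an allow-list check on `id` and then a bound parameter.

```python
import re
import sqlite3

# Constructed sample rows standing in for the application's `categories` table.
# The real schema is not given on the page; this two-column layout is an assumption.
SAMPLE_CATEGORIES = [(1, "Analgesics"), (2, "Antibiotics"), (3, "Vitamins")]


def make_db():
    """Create a fresh in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO categories (id, name) VALUES (?, ?)", SAMPLE_CATEGORIES)
    conn.commit()
    return conn


def count_categories(conn):
    return conn.execute("SELECT COUNT(*) FROM categories").fetchone()[0]


def delete_category_unsafe(conn, raw_id):
    """Mirrors the vulnerable pattern: the request value is pasted into the SQL text.

    Returns the number of rows the statement actually removed, which is how a
    reviewer can see that the WHERE clause no longer means what the code intended.
    """
    query = f"DELETE FROM categories WHERE id = {raw_id}"
    cur = conn.execute(query)
    conn.commit()
    return cur.rowcount


# Allow-list for the `id` parameter: a positive decimal integer of at most ten digits.
_ID_PATTERN = re.compile(r"[1-9][0-9]{0,9}")


def is_valid_id(raw_id):
    """Strict validation: reject anything that is not exactly an integer literal."""
    return isinstance(raw_id, str) and _ID_PATTERN.fullmatch(raw_id) is not None


def delete_category_safe(conn, raw_id):
    """Hardened handler: validate first, then bind the value as a parameter.

    Raises ValueError on malformed input instead of letting it reach the database.
    """
    if not is_valid_id(raw_id):
        raise ValueError(f"rejected id parameter: {raw_id!r}")
    category_id = int(raw_id)
    # The driver sends the value separately from the SQL, so it can never be parsed as SQL.
    cur = conn.execute("DELETE FROM categories WHERE id = ?", (category_id,))
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    conn = make_db()
    print("rows removed by unsafe handler with a tautology:", delete_category_unsafe(conn, "1 OR 1=1"))
    conn = make_db()
    print("rows removed by safe handler for id=2:", delete_category_safe(conn, "2"))
    print("is '1 OR 1=1' accepted by the validator?", is_valid_id("1 OR 1=1"))
```

The safe variant returns `0` for an id that does not exist and `1` for one that does, which is also a useful signal to log: a delete action whose affected row count is anything other than 0 or 1 indicates that the WHERE clause was not constrained to a single key.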