# Vulnerability Summary: SQL Injection in sourcecodedoster Pharmacy Sales and Inventory System V1.0

## Vulnerability Overview

* **Product Name**: Pharmacy Sales and Inventory System V1.0
* **Vulnerability Type**: SQL Injection
* **Affected File**: `/ajax.php?action=delete_expired`
* **Vulnerable Parameter**: `id` (POST parameter)
* **Root Cause**: Attackers can inject malicious SQL via the `id` parameter, because the input is neither sanitized nor validated before it is used in a query.
* **Exploitation Conditions**: No authentication or authorization is required to exploit this vulnerability.

## Impact Scope

* Attackers can leverage this vulnerability to gain unauthorized access to the database.
* This may lead to sensitive data leakage, data tampering, complete compromise of system control, and service disruption.
* It poses a severe threat to system security and business continuity.

## Remediation

1. **Use Prepared Statements and Parameter Binding**: Prepared statements separate SQL code from user input data, preventing user input from being interpreted as SQL code.
2. **Input Validation and Filtering**: Strictly validate and filter user input data to ensure it conforms to the expected format.
3. **Minimize Database User Privileges**: Ensure that the account used to connect to the database has only the minimum privileges required to perform its tasks. Avoid using accounts with elevated privileges (such as root or admin) for daily operations.
4. **Regular Security Audits**: Conduct regular code and system security audits to promptly identify and remediate potential security vulnerabilities.

## POC Code

```text
Parameter: id (POST)
    Type: boolean-based blind
    Title: Boolean-based blind - Parameter replace (original value)
    Payload: id=(SELECT (CASE WHEN (4784=4784) THEN 5 ELSE (SELECT 7970 UNION SELECT 3350) END))
```
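The following is an added example, not the project's own code, of how the `delete_expired` handler in `ajax.php` could apply remediation steps 1 to 3 (validation, a bound parameter, a least-privilege database account) plus a session check, since the advisory notes the endpoint is reachable without authentication. The table name `inventory`, the column names, the database credentials and the `$_SESSION['login_id']` key are assumptions for illustration.

```php
<?php
// Added example (not the project's code): hardened handler for
// ajax.php?action=delete_expired. Table/column names and the session key
// are assumptions made for this illustration.
declare(strict_types=1);

function deleteExpired(PDO $pdo, array $post): array
{
    // Validation: id must be a positive integer. A value like the advisory's
    // "(SELECT (CASE WHEN ...))" payload is rejected here, before any query runs.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($id === false) {
        http_response_code(400);
        return ['status' => 'error', 'msg' => 'invalid id'];
    }

    // Prepared statement with a bound parameter: the value travels to the
    // server separately from the SQL text, so it can never alter the query.
    $stmt = $pdo->prepare(
        'DELETE FROM inventory WHERE id = :id AND expiry_date < CURDATE()'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return ['status' => 'success', 'deleted' => $stmt->rowCount()];
}

// Least privilege: connect as an account granted only what this script needs
// (DELETE on the inventory table), never as root/admin. Credentials assumed.
$pdo = new PDO(
    'mysql:host=localhost;dbname=pharmacy_db;charset=utf8mb4',
    'pharmacy_app',
    getenv('DB_PASS') ?: '',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]
);

session_start();
if (($_GET['action'] ?? '') === 'delete_expired') {
    header('Content-Type: application/json');
    // Authorization: the advisory notes the endpoint is reachable unauthenticated;
    // require a logged-in session before performing a destructive action.
    if (empty($_SESSION['login_id'])) {
        http_response_code(403);
        echo json_encode(['status' => 'error', 'msg' => 'login required']);
        exit;
    }
    echo json_encode(deleteExpired($pdo, $_POST));
}
```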