Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php.
An attacker can inject malicious SQL code through parameters passed to the editCategories.php script without any authentication. Lack of proper validation and sanitization of input data allows manipulation of queries directed to the database. This makes it possible to read, modify or delete data stored in the database.
An attacker can gain full access to the system's database — read sensitive data, modify it or delete it, and depending on server configuration, potentially take control of the system.
Patches available from the manufacturer should be applied according to references. As a temporary workaround, it is recommended to restrict access to the application at the firewall level and implement WAF rules blocking SQL Injection attempts.
Sourcecodester Stock Management System v1.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HStock Management System Project Stock Management System
APPStock Management System Project1.0
Related vulnerabilities
SQL Injection umożliwiający RCE w Stock Management System 1.0
A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to...
A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue...
A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management Sys...
A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnera...