Code-Projects Web-Based Inventory and POS System SQL Injection Vulnerability in Login.php
Vulnerability
A SQL injection vulnerability has been identified in version 1.0 of the Code-Projects Web-Based Inventory and POS System. The issue arises in the login.php file, where the emailid parameter is manipulated, allowing attackers to execute unauthorized SQL commands. This vulnerability can be exploited remotely, without the need for authentication.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a POST request to the login.php endpoint with the emailid parameter. The SQL injection can be performed by including malicious SQL code in the emailid field, which will be executed by the application's database.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.