Code-Projects Web-Based Inventory and POS System SQL Injection Vulnerability in Transaction.php
Vulnerability
A SQL injection vulnerability has been identified in the Web-Based Inventory and POS System version 1.0, developed by Code-Projects. The issue arises in transaction.php, where the value of the shopid request parameter is incorporated into a database query without proper sanitization, allowing an attacker to inject SQL of their own. The vulnerability can be exploited remotely and may lead to unauthorized access to the database and manipulation of sensitive information.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a POST request to transaction.php that includes the shopid parameter. Because the application places the value of shopid into its SQL query without sanitization or parameter binding, any SQL syntax supplied in that parameter is executed by the database rather than treated as data.
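The mechanism described above, as an added example that is not code from the Code-Projects product: the page does not show the actual query in transaction.php, so the snippet below models the pattern with a constructed in-memory SQLite table standing in for the application's MySQL backend. It contrasts a query built by string concatenation (the vulnerable shape) with a parameterised one, and adds a request-side type check on shopid. The table name, column names and sample rows are assumptions for illustration.

```python
"""Model of the transaction.php / shopid injection pattern.

Added example, not the project's own code. Assumes the vulnerable query
concatenates the shopid parameter into a SELECT; the product's real query
is not shown on the advisory page. SQLite stands in for MySQL.
"""
import sqlite3

# Constructed sample data standing in for the application's shop table.
SAMPLE_ROWS = [
    (1, "Main Street Shop", 1250.00),
    (2, "Harbour Kiosk", 310.50),
    (3, "Warehouse Outlet", 9800.75),
]


def make_db():
    """Create an in-memory database with the hypothetical shops table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE shops (shopid INTEGER, name TEXT, balance REAL)")
    conn.executemany("INSERT INTO shops VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, shopid):
    """Concatenate the request parameter straight into the SQL text.

    This is the shape an advisory like this one describes: whatever the
    client sends as shopid becomes part of the statement the database parses.
    """
    query = f"SELECT shopid, name, balance FROM shops WHERE shopid = '{shopid}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, shopid):
    """Parameterised query: the value is bound, never parsed as SQL."""
    query = "SELECT shopid, name, balance FROM shops WHERE shopid = ?"
    return conn.execute(query, (shopid,)).fetchall()


def looks_like_injection(value):
    """Coarse request-side gate: shopid is expected to be a plain integer.

    Whitelisting the expected type is more robust than blacklisting SQL
    keywords, but it complements parameter binding rather than replacing it.
    """
    return not value.isdigit()


if __name__ == "__main__":
    conn = make_db()
    # A normal request returns one shop.
    print(lookup_vulnerable(conn, "2"))
    # The same concatenated query with a tautology in shopid returns every row.
    print(lookup_vulnerable(conn, "' OR '1'='1"))
    # The bound version treats the payload as a literal shopid and matches nothing.
    print(lookup_safe(conn, "' OR '1'='1"))
```

The equivalent fix in the PHP application itself is to use mysqli or PDO prepared statements with bound parameters for the shopid value instead of building the query string by concatenation, and to reject non-integer shopid values before the query is reached.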