Code-Projects Product Management System Stack-Based Buffer Overflow Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in Code-Projects Product Management System version 1.0. The issue arises in the 'search_item' function within the Search Product Menu component, where the 'target' parameter can be manipulated without length restrictions. This vulnerability requires local access to exploit and has been publicly disclosed.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, causing a crash and a memory access violation, which could potentially be leveraged for arbitrary code execution.

Reproduction

To reproduce this vulnerability, log into the application and navigate to the 'search_item' function. After entering the target parameter, input a payload that exceeds 40 bytes to trigger the buffer overflow. This can be done by entering a long string of characters, such as 50 'a' characters, which will cause the application to crash and result in an access violation error.