Code-Projects Product Management System Stack-Based Buffer Overflow Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in Code-Projects Product Management System version 1.0. The issue arises in the 'add_item' function, where the 'st.productname' argument can be manipulated without proper length validation. This vulnerability requires local exploitation and could lead to a denial-of-service condition or arbitrary code execution.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to a denial-of-service condition and potentially allow for arbitrary code execution.

Reproduction

To reproduce this vulnerability, log into the application and navigate to the 'add_item' function. After entering the username and password, select the option to add an item. Enter a payload into the 'productname' field that exceeds the buffer limit, such as a string of 'a' characters. This will cause a stack overflow, which can be observed by the resulting 'EXCEPTION_ACCESS_VIOLATION' error.