Primary

Context

Code-Projects Vehicle Showroom Management System SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in the Vehicle Showroom Management System version 1.0. The issue resides in the file '/util/MonthTotalReportUpdateFunction.php', where the 'BRANCH_ID' parameter is manipulated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, without any authentication.

Impact

Exploitation of this vulnerability allows unauthorized access to the database, where attackers can modify or delete data, access sensitive information, and potentially disrupt services.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/util/MonthTotalReportUpdateFunction.php' file with a crafted 'BRANCH_ID' parameter. The injection can be verified using payloads that exploit boolean-based blind or time-based blind SQL injection techniques.

Remediation

No known mitigation is available.

Added: Apr 13, 2026, 2:18 AM

Updated: Apr 13, 2026, 2:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

8.7

remediation

0.0

relevance

5.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

8.7

remediation

0.0

relevance

5.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Code-Projects Vehicle Showroom Management System SQL Injection Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating