CVE-2023-7155— Inventory Management System SQL注入漏洞

SourceCodester Free and Open Source Inventory Management System edit_product.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. This affects an unknown part of the file /ample/app/action/edit_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249177 was assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Inventory Management System SQL注入漏洞

Inventory Management System是stemword个人开发者的一个库存管理系统。 Free and Open Source Inventory Management System 1.0 版本存在SQL注入漏洞，该漏洞源于 /ample/app/action/edit_product.php 页面存在安全问题。

N/A

N/A