SQL Injection in Codezips Pharmacy Management System 1.0 (CVE-2024-9813)

Key Information Product/Register.php Category SQL Injection Vulnerability ID: VDB-279965 - CVE-2024-9813 Product: Codezips Pharmacy Management System 1.0 Affected File: product/register.php Vulnerability Type: SQL Injection CVSS Meta Temp Score: 6.6 Current Exploit Price: $0-$5k CTI Interest Score: 1.29 Description: A critical vulnerability has been identified in the file product/register.php of Codezips Pharmacy Management System 1.0. By manipulating the parameter and using unknown input, an SQL injection vulnerability can be triggered. The product constructs SQL commands using externally influenced input, but fails to properly neutralize or neutralize special elements that could alter the SQL command when sent to downstream components. This affects confidentiality, integrity, and availability. Vulnerability Identification: CVE-2024-9813 Exploit Difficulty: Known to be easily exploitable Attack Vector: Remote Authentication Required: No authentication required for successful exploitation Technical Details: Known Public Exploit: Known MITRE ATT&CK: Uses T1505 attack technique Exploit Tools: Available on github.com Exploit Status: Proof of Concept Search Method: Use Google Hacking search Recommendation: Affected components may need to be replaced Related Entries: VDB-253824, VDB-255463, VDB-259465, VDB-263800 Related Links GitHub VDB-253824 VDB-255463 VDB-259465 VDB-263800 Product and Vendor Product: Codezips Pharmacy Management System 1.0 Vendor: Not specified

Goal Reached Thanks to every supporter — we hit 100%!

SQL Injection in Codezips Pharmacy Management System 1.0 (CVE-2024-9813)