SQL Injection in Code-Projects Pharmacy Management System 1.0 (CVE-2024-10137)

Key Information 1. Vulnerability ID: - VDB-280925 - CVE-2024-10137 2. Affected Software: - Code-Projects Pharmacy Management System 1.0 3. Affected File: - manage_medicine.php?action=delete 4. Vulnerability Type: - SQL Injection (SQLi) 5. CVSS Meta Temp Score: - 6.0 6. Current Exploit Price: - $0–$5k 7. CTI Interest Score: - 1.57 8. Vulnerability Description: - The vulnerability exists in the file manage_medicine.php?action=delete, where the id parameter accepts external input, leading to SQL injection. The product constructs SQL commands using external input without properly handling or neutralizing special characters, potentially allowing SQL commands to be modified by downstream components. 9. Impact: - Affects confidentiality, integrity, and availability. 10. CVE Description: - The vulnerability exists in Code-Projects Pharmacy Management System 1.0, affecting an unknown processing routine. The id parameter accepts external input, resulting in SQL injection. The attack can be initiated remotely. The vulnerability has been disclosed and may be exploited. 11. Vulnerability Identification: - CVE-2024-10137 12. Exploitability: - Known exploit is easy to perform; remote attacks are possible. Technical details and public exploits are available. MITRE ATT&CK technique T1505 is used in the attack. 13. Exploit Availability: - Exploit is publicly available and can be used as proof-of-concept. 14. Recommendation: - Replace the affected component. 15. Related Vulnerabilities: - VDB-280558, VDB-280559, VDB-280924, VDB-280926 Summary This vulnerability exists in the manage_medicine.php?action=delete file of Code-Projects Pharmacy Management System 1.0, where the id parameter accepts external input, leading to SQL injection. The vulnerability has been disclosed, is easy to exploit, and remote attacks are possible. It is recommended to replace the affected component.

Goal Reached Thanks to every supporter — we hit 100%!

SQL Injection in Code-Projects Pharmacy Management System 1.0 (CVE-2024-10137)