Critical Vulnerability Information 1. Vulnerability Overview Affected Endpoint: Affected Parameter: Issue Type: SQL Injection Software URL: https://www.sourcecodester.com/php/15023/stock-management-system-phpoop-source-code.html 2. Vulnerability Description An SQL injection vulnerability was discovered in the sales list page of the stock management system, specifically in the parameter of the endpoint: . By manipulating the parameter, an attacker can inject arbitrary SQL queries into the backend database. 3. Reproduction Steps 1. Log in to an employee account. 2. Navigate to the vulnerable page: . 3. Modify the parameter with the following payload: 4. The response will contain a concatenated string of usernames and password hashes stored in the table. 4. SQL Injection Payload 5. Proof of Concept (PoC) Screenshots demonstrate the actual impact of the SQL injection attack, revealing sensitive user credentials to the attacker. 6. Impact This vulnerability has a significant impact on the application's security. An attacker who exploits this vulnerability can: 1. Extract usernames and password hashes from the table. 2. Use these hashes to crack passwords. 3. Gain unauthorized access to sensitive areas of the application or escalate privileges.