PT-2021-23310 · Sourcecodester · Sourcecodester Simple Cashiering System

Nu11Secur1Ty

Published

2021-11-03

Updated

2021-12-15

CVE-2021-41492

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sourcecodester Simple Cashiering System (POS) version 1.0

Description Multiple SQL Injection issues exist in the system. These issues are found in three areas: (1) the Product Code in the pos page in cashiering, (2) the id parameter in manage products, and (3) the t parameter in actions.php.

Recommendations For version 1.0, consider disabling the id parameter in manage products and restricting access to the t parameter in actions.php until a patch is available. As a temporary workaround, avoid using the Product Code in the pos page in cashiering. Restrict access to actions.php to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2021-41492

Affected Products

Sourcecodester Simple Cashiering System

PT-2021-23310 · Sourcecodester · Sourcecodester Simple Cashiering System

CVE-2021-41492

Weakness Enumeration

Related Identifiers

Affected Products

References · 6