CVE-2021-40908

Name of the Vulnerable Software and Affected Versions Sourcecodester Purchase Order Management System version v1

Description The issue allows attackers to execute arbitrary SQL commands via the username parameter in the Login.php file. This enables attackers to manipulate the database, potentially leading to unauthorized access or data modification.

Recommendations For Sourcecodester Purchase Order Management System version v1, consider restricting access to the Login.php file until a patch is available, and avoid using the username parameter in a way that could allow SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.