CVE-2023-7155

Name of the Vulnerable Software and Affected Versions SourceCodester Free and Open Source Inventory Management System version 1.0

Description The issue is related to the lack of protection against SQL query structure exploitation in the /ample/app/action/edit product.php file of the Free and Open Source Inventory Management System. This allows a remote attacker to execute arbitrary SQL queries by manipulating the id argument, leading to SQL injection. The exploit has been disclosed publicly and can be used remotely.

Recommendations For SourceCodester Free and Open Source Inventory Management System version 1.0, as a temporary workaround, consider restricting access to the /ample/app/action/edit product.php file until a patch is available. Additionally, avoid using the id argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.