CVE-2024-10021

Name of the Vulnerable Software and Affected Versions code-projects Pharmacy Management System version 1.0

Description A critical issue has been discovered, affecting some unknown functionality of the file /php/manage purchase.php?action=search&tag=VOUCHER NUMBER. The manipulation of the text argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For version 1.0, update the software to a patched version to prevent unauthorized access and data theft. As a temporary workaround, consider restricting access to the /php/manage purchase.php file to minimize the risk of exploitation. Avoid using the text argument in the affected API endpoint until the issue is resolved.