VYPR
Unrated severity · NVD Advisory · Published Aug 25, 2024 · Updated Aug 26, 2024

code-projects Pharmacy Management System index.php SQL injection

CVE-2024-8147

Description

A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in Pharmacy Management System 1.0 via id parameter in editPharmacist allows remote attackers to execute arbitrary SQL queries.

Vulnerability

A SQL injection vulnerability exists in the file /index.php?action=editPharmacist of code-projects Pharmacy Management System version 1.0. The id parameter is not properly sanitized, allowing an attacker to inject arbitrary SQL commands.

Exploitation

An attacker can exploit this vulnerability remotely by sending a crafted HTTP request to the vulnerable endpoint with a malicious id parameter. No authentication is required. The exploit has been publicly disclosed, making it straightforward to replicate.

Impact

Successful exploitation allows an attacker to execute arbitrary SQL queries against the database. This can lead to unauthorized access, data exfiltration, modification, or deletion of sensitive information. The impact is critical due to the potential for full database compromise.

Mitigation

As of the publication date (2024-08-25), the vendor (code-projects) has not released an official patch or other fix. Users should consider disabling the vulnerable functionality or, as a workaround, implementing input validation and parameterized queries.
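
An added example of the workaround described above, written in PHP because the affected endpoint is index.php. It is not code from the vendor, the application, or this advisory. The table and column names, the function names, and the sample rows are assumptions, and it uses an in-memory SQLite database through PDO so that it runs stand-alone.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the application's database; schema and rows are constructed.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE pharmacist (id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO pharmacist (id, name) VALUES (1, 'Sample One'), (2, 'Sample Two')");
    return $pdo;
}

// Input validation: accept only a string holding a positive integer, otherwise null.
function parse_id($raw): ?int
{
    if (!is_string($raw)) {          // also rejects id[]=... arrays and a missing id
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Parameterized query: the id is bound as a typed value, never concatenated into the SQL text.
function load_pharmacist(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM pharmacist WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical handler for index.php?action=editPharmacist; $query stands in for $_GET.
function edit_pharmacist(PDO $pdo, array $query): array
{
    $id = parse_id($query['id'] ?? null);
    if ($id === null) {
        return [400, 'invalid id'];  // rejected before any SQL runs
    }
    $row = load_pharmacist($pdo, $id);
    return $row === null ? [404, 'not found'] : [200, $row['name']];
}

$pdo = demo_db();
foreach (['1', '2', '99', "1'", 'abc', '1.5', ''] as $raw) {   // constructed sample inputs
    [$status, $body] = edit_pharmacist($pdo, ['id' => $raw]);
    printf("id=%-6s -> %d %s\n", var_export($raw, true), $status, $body);
}
```

The two controls are independent: validation turns malformed ids into a 400 response, and the bound parameter keeps the id out of the SQL text on any code path that skips validation.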

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

5
