code-projects Pharmacy Management System Add Order Details take_order buffer overflow
Description
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. It affects the function medicineType::take_order of the component Add Order Details. Manipulating the input leads to a buffer overflow. The attack requires local access. The exploit has been disclosed to the public and may be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in the `medicineType::take_order()` function of Pharmacy Management System 1.0 allows local attackers to cause memory corruption or code execution.
Vulnerability
The vulnerability exists in the `medicineType::take_order()` function of Pharmacy Management System 1.0 [2]. The function uses `cin` to read user input into fixed-size buffers without length validation, leading to buffer overflows (CWE-120, CWE-125) [2]. Affected fields include `customerName`, `date`, `menu2[]`, and `quantity[]` [2]. The software is written in C++ and the vulnerable code is in the main application source file [2].
Exploitation
An attacker must have local access to the system running the Pharmacy Management System [1]. The exploit requires the attacker to interact with the application by selecting option 1 (take order) and then providing a long string of characters (e.g., 'a' repeated) to overflow the stack [2]. No authentication is needed beyond local access [2]. The PoC demonstrates a crash by entering a long payload [2].
Impact
Successful exploitation can lead to memory corruption, arbitrary code execution, or system crashes [2]. The attacker may gain the ability to execute arbitrary code with the privileges of the application, potentially leading to full compromise of the system [2].
Mitigation
As of the publication date (2025-05-18), no official patch has been released by code-projects [1]. The vendor has not provided a fixed version. Users should consider disabling the application or applying input validation patches manually. The vulnerability is publicly disclosed and may be exploited [2].
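A manual input-validation patch of the kind mentioned above could look like the following. This is an added example, not code from the application or the advisory: the `Order` layout, the buffer sizes, and the function names are assumptions, and the input in `main` is constructed.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>
#include <sstream>
#include <string>

// Constructed stand-in for the order record; the sizes are assumptions.
constexpr std::size_t NAME_LEN = 50;
constexpr int MAX_ITEMS = 10;
struct Order {
    char customerName[NAME_LEN];
    int menu2[MAX_ITEMS];
    int quantity[MAX_ITEMS];
    int items;
};

// Pattern the advisory describes (exact statements are an assumption), for contrast:
//   cin >> order.customerName;          // unbounded read into a char array
//   cin >> menu2[i] >> quantity[i];     // index i not checked against the array size

// Reads one line into a fixed buffer; rejects input that does not fit.
bool read_field(std::istream& in, char* dst, std::size_t cap) {
    std::string line;
    if (!std::getline(in, line) || line.empty() || line.size() >= cap) return false;
    std::memcpy(dst, line.c_str(), line.size() + 1);  // includes the terminator
    return true;
}

// Reads the item count, then (menu choice, quantity) pairs, with bounds checks.
bool read_items(std::istream& in, Order& o) {
    int n = 0;
    if (!(in >> n) || n < 1 || n > MAX_ITEMS) return false;
    for (int i = 0; i < n; ++i)
        if (!(in >> o.menu2[i] >> o.quantity[i]) || o.quantity[i] < 1) return false;
    o.items = n;
    return true;
}

// Parses a whole order; returns false on any field that fails validation.
bool take_order_checked(std::istream& in, Order& o) {
    o = Order{};
    return read_field(in, o.customerName, NAME_LEN) && read_items(in, o);
}

int main() {  // constructed input: a 200-character name is rejected, not copied
    std::istringstream in(std::string(200, 'a') + "\n1\n1 1\n");
    Order o;
    std::cout << (take_order_checked(in, o) ? "accepted" : "rejected") << "\n";
}
```

Rejecting oversized input rather than truncating it keeps a malformed order from being stored with a silently shortened name.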
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: == 1.0
- Range: 1.0
Patches
No patches discovered yet.
References
- github.com/zzzxc643/cve/blob/main/Pharmacy_Management_System.md (mitre; exploit)
- vuldb.com (mitre; third-party-advisory)
- code-projects.org (mitre; product)
- vuldb.com (mitre; signature, permissions-required)
- vuldb.com (mitre; vdb-entry, technical-description)