The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a Time-Based blind SQL injection via the /medical/inventories.php path which allows attackers to retrieve all databases.
CPE | Name | Operator | Version |
---|---|---|---|
pharmacy_medical_store_and_sale_point | eq | 1.0 |