CVE-2020-24862

HIGH

Pharmacy Medical Store and Sale Point 1.0 - Time-Based Blind SQL Injection via catID Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-24862. PoCs published by Moaaz Taha.

AI-analyzed exploit summary The exploit demonstrates a Time-Based Blind SQL Injection vulnerability in Pharmacy Medical Store and Sale Point 1.0 via the 'catId' parameter. It provides a functional sqlmap command to exploit the vulnerability and retrieve database information.

Description

The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a Time-Based blind SQL injection via the /medical/inventories.php path which allows attackers to retrieve all databases.

Exploits (1)

exploitdb WORKING POC
by Moaaz Taha · textwebappsphp
https://www.exploit-db.com/exploits/48752

The exploit demonstrates a Time-Based Blind SQL Injection vulnerability in Pharmacy Medical Store and Sale Point 1.0 via the 'catId' parameter. It provides a functional sqlmap command to exploit the vulnerability and retrieve database information.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Pharmacy Medical Store and Sale Point 1.0
No auth needed
Prerequisites: Access to the target URL · sqlmap installed
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.0205
EPSS Percentile 78.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (1)
pharmacy_medical_store_and_sale_point_project/pharmacy_medical_store_and_sale_point 1.0
Published Jun 02, 2021
Tracked Since Feb 18, 2026