Online Store System CMS SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Online Store System CMS version 1.0. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Exploitation involves sending POST requests to index.php with the action=clientaccess parameter, using either boolean-based blind or time-based blind SQL injection payloads in the email field to extract sensitive database information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the database, allowing attackers to read, modify, or delete data. Additionally, such vulnerabilities could be used to exploit other weaknesses in the database management system.

Reproduction

To reproduce this vulnerability, send a POST request to 'index.php' with the 'action=clientaccess' parameter. Include a crafted SQL injection payload in the 'email' field. The application will process the request, and the injected SQL code will be executed, potentially revealing sensitive database information.