Meeplace Business Review Script SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Meeplace Business Review Script, allowing unauthenticated attackers to execute arbitrary SQL queries. The vulnerability arises from improper handling of the 'id' parameter in GET requests to the addclick.php endpoint. Exploitation of this vulnerability could lead to unauthorized access to sensitive database information or cause a denial-of-service condition.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution, which could be used to manipulate database queries, extract sensitive information, or cause a denial-of-service condition by disrupting normal database operations.

Reproduction

To reproduce this vulnerability, send a GET request to the addclick.php endpoint with a crafted SQL payload in the 'id' parameter. The injected SQL code can be designed to extract database information or disrupt service by, for example, causing a delay in response.