Code-Projects Online Shoe Store SQL Injection Vulnerability

A critical SQL injection vulnerability has been identified in Code-Projects Online Shoe Store version 1.0. The issue arises in the file '/details2.php', where the 'id' parameter is manipulated, allowing for unauthorized database access. This vulnerability can be exploited remotely, and the public disclosure of the exploit suggests it may be actively used.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to manipulate database queries. This could lead to unauthorized data access, data manipulation, or in some cases, remote code execution, depending on the application's database interaction and underlying architecture.

Reproduction

To reproduce this vulnerability, send a request to the '/details2.php' endpoint with a crafted 'id' parameter that includes SQL injection payloads. The absence of input validation or sanitization allows the injected SQL code to be executed, manipulating the database query and potentially exposing or altering database information.