Code-Projects Online Book Shop SQL Injection Vulnerability

A critical SQL injection vulnerability has been identified in Code-Projects Online Book Shop version 1.0. The issue resides in the file '/booklist.php', where the 'subcatid' parameter is manipulated, allowing for SQL injection. This vulnerability can be exploited remotely, potentially leading to unauthorized access to the server's database or even remote code execution.

Impact

Exploitation of this vulnerability allows for SQL injection, with the possibility of accessing the database unauthorized or executing remote code, according to a public disclosure.

Reproduction

The vulnerability can be reproduced by sending a request to '/booklist.php' with a crafted 'subcatid' parameter that includes SQL injection payloads. This can be done using tools like SQLMap, which can automate the exploitation of SQL injection vulnerabilities.