Code-Projects Online Book Shop SQL Injection Vulnerability in detail.php

A critical SQL injection vulnerability has been identified in Code-Projects Online Book Shop version 1.0. The issue resides in the detail.php file, where the id parameter is manipulated without proper validation or sanitization, allowing remote attackers to inject malicious SQL code. This vulnerability could be exploited to gain unauthorized access to the application's database or potentially execute remote code.

Impact

Exploitation of this vulnerability allows for SQL injection, with the possibility of accessing or manipulating the application's database. According to the vulnerability disclosure, this SQL injection could be leveraged for remote code execution.

Reproduction

To reproduce this vulnerability, send a request to the detail.php file with a crafted id parameter that includes malicious SQL code. The lack of input validation will allow the injected SQL to be executed, manipulating the database or extracting sensitive information.