Code-Projects Online Book Shop SQL Injection Vulnerability in subcat.php

A critical SQL injection vulnerability has been identified in Code-Projects Online Book Shop version 1.0. The issue arises in the file subcat.php, where the cat parameter is manipulated to execute unauthorized SQL queries. This vulnerability can be exploited remotely, potentially leading to unauthorized access to the application's database or even remote code execution.

Impact

Exploitation of this vulnerability allows for SQL injection, with the possibility of accessing or manipulating the application's database. According to the vulnerability disclosure, this could also lead to remote code execution.

Reproduction

To reproduce this vulnerability, send a request to the subcat.php file with a crafted cat parameter. The absence of input validation or sanitization allows for the injection of malicious SQL code, which can be executed by the application's database engine. Once the SQL injection is successful, it may be possible to extract database information or execute commands on the server, depending on the application's database configuration and permissions.