SourceCodester Pet Grooming Management Software SQL Injection Vulnerability in ajax_represent.php
Vulnerability
A SQL injection vulnerability has been identified in SourceCodester Pet Grooming Management Software version 1.0. The issue arises in the file /admin/ajax_represent.php, where the 'id' parameter is not properly validated or sanitized. This lack of input validation allows for malicious manipulation of the 'id' argument, leading to unauthorized SQL command execution. The vulnerability can be exploited remotely, and a public exploit is available.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, log into the application and navigate to the /admin/ajax_represent.php endpoint. Once there, send a POST request with a crafted 'id' parameter that includes SQL injection payloads. The injected SQL code will be executed by the database, demonstrating the vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.