Kidaze CourseSelectionSystem SQL Injection Vulnerability in COUNT3s3.php

A SQL injection vulnerability has been identified in the Kidaze CourseSelectionSystem, specifically in versions up to commit 42cd892b40a18d50bd4ed1905fa89f939173a464. The issue arises in the file '/Profilers/PProfile/COUNT3s3.php', where the 'csem' parameter is manipulated, allowing for remote exploitation. This vulnerability is critical, as it could lead to unauthorized database access, data modification or deletion, and exposure of sensitive information.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to manipulate database queries. This could result in unauthorized access to database information, modification or deletion of data, and in some cases, execution of administrative operations on the database.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/Profilers/PProfile/COUNT3s3.php' with the 'csem' parameter. The injection can be verified by using payloads that exploit boolean-based blind or time-based blind SQL injection techniques. Tools like sqlmap can automate the exploitation process and demonstrate the vulnerability by extracting database information.

Remediation

It is recommended to use prepared statements and parameter binding to prevent SQL injection. Additionally, input validation and filtering should be implemented to ensure user input conforms to expected formats. Minimizing database user permissions and conducting regular security audits can also help mitigate such vulnerabilities.