SourceCodester Pet Grooming Management Software SQL Injection Vulnerability

A SQL injection vulnerability has been identified in SourceCodester Pet Grooming Management Software version 1.0. The issue arises in the file /admin/edit_tax.php, where insufficient input validation of the 'id' parameter allows for the injection of malicious SQL queries. This vulnerability can be exploited remotely, potentially leading to unauthorized access to the database, modification or deletion of data, and exposure of sensitive information.

Impact

Exploitation of this vulnerability allows for SQL injection, which could be used to manipulate database queries. This could result in unauthorized data access, data modification or deletion, and exploitation of other vulnerabilities through database access.

Reproduction

To reproduce this vulnerability, send a request to the /admin/edit_tax.php endpoint with a crafted 'id' parameter that includes malicious SQL payloads. The lack of proper input validation will allow the injected SQL to be executed, demonstrating the SQL injection vulnerability.