SourceCodester Pet Grooming Management Software SQL Injection Vulnerability in edit.php
Vulnerability
A SQL injection vulnerability has been identified in SourceCodester Pet Grooming Management Software version 1.0. The issue arises in the admin/edit.php file, where the 'id' parameter is manipulated, leading to unauthorized SQL query execution. This vulnerability can be exploited remotely.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a POST request to the /admin/edit.php endpoint with the 'id' parameter. Include a payload that exploits the SQL injection, such as a UNION SELECT statement that extracts database information. The injected SQL code will be executed by the application's database, demonstrating the vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.