Projectworlds Advanced Library Management System SQL Injection Vulnerability in view_member.php

A SQL injection vulnerability has been identified in the Projectworlds Advanced Library Management System version 1.0. The issue resides in the view_member.php file, specifically within the user_id GET parameter. This vulnerability allows for boolean-based blind, time-based blind, and UNION-based SQL injection, depending on the database and query context. The endpoint is accessible remotely without authentication, enabling attackers to enumerate database contents, extract data, and potentially escalate to full data disclosure or further system compromise.

Impact

Exploitation of this vulnerability allows for unauthorized SQL injection, leading to database enumeration, data extraction, and potential modification or deletion of data, depending on database permissions. Additionally, if user credentials are stored in the database, this vulnerability could facilitate authentication bypass or account takeover.

Reproduction

The vulnerability can be reproduced by sending a GET request to the view_member.php endpoint with a crafted user_id parameter that includes SQL injection payloads. This can be done manually or using automated tools like sqlmap, which can exploit the vulnerability and demonstrate its impact by extracting database information.

Remediation

To address this vulnerability, it is recommended to validate and sanitize user input, ensuring that the user_id parameter is treated as an integer. Additionally, implement parameterized queries or prepared statements to prevent SQL injection. Output encoding should be applied when rendering database content to avoid cross-site scripting (XSS) vulnerabilities. After applying these fixes, conduct thorough testing to ensure the effectiveness of the remediation.