Code-Projects E-Commerce Website SQL Injection Vulnerability in Supplier Update Page
Vulnerability
A critical SQL injection vulnerability has been identified in Code-Projects E-Commerce Website version 1.0. The issue resides in the supplier_update.php file, where the supp_id parameter is manipulated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, without authentication, potentially leading to unauthorized database access, data modification or deletion, and exposure of sensitive information.
Impact
Exploitation of this vulnerability allows for SQL injection, enabling attackers to interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
The vulnerability can be reproduced by sending a request to the supplier_update.php page with a crafted supp_id parameter that includes malicious SQL code. This can be done manually or using automated tools that exploit SQL injection vulnerabilities.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.