Code-Projects Client Details System SQL Injection Vulnerability in Update Profile Function

A critical SQL injection vulnerability has been identified in Code-Projects Client Details System version 1.0. The issue resides in the admin/update-profile.php file, where the uid parameter is improperly validated. This lack of input sanitization allows authenticated attackers to inject malicious SQL queries, potentially leading to unauthorized data manipulation, data exfiltration, denial-of-service conditions, or even full system compromise via remote code execution.

Impact

Exploitation of this vulnerability allows authenticated attackers to execute arbitrary SQL commands with the privileges of the web application's database user. This could result in unauthorized data manipulation, complete data exfiltration, denial-of-service conditions, or full system compromise through remote code execution, depending on the database server's configuration and privileges.

Reproduction

The vulnerability can be reproduced by sending a GET request to the admin/update-profile.php file with a crafted uid parameter that includes malicious SQL payloads. This can be done manually or using automated tools like sqlmap, which can exploit the vulnerability and extract data from the database.

Remediation

It is recommended to immediately adopt parameterized queries to eliminate SQL concatenation, strengthen input validation and type casting, and enforce the principle of least privilege on the database user.