SourceCodester Best Church Management Software SQL Injection Vulnerability

Vulnerability

A critical SQL injection vulnerability has been identified in SourceCodester Best Church Management Software version 1.1. The flaw is in the file '/admin/app/slider_crud.php', where the 'del_id' parameter is incorporated into a SQL statement without validation or parameterisation, so a crafted value submitted by a remote attacker is executed as part of the query. The injection is exploitable as time-based blind SQL injection: the attacker extracts data from the application's database by measuring response delays rather than reading query output.

Impact

Exploitation gives a remote attacker time-based blind SQL injection. By submitting conditional delay payloads in 'del_id' and timing the responses, the attacker can infer the contents of the database one condition at a time, without the application ever displaying query results.

Reproduction

To reproduce this vulnerability, send a POST request to '/admin/app/slider_crud.php' containing the 'del_id' parameter. The application places the supplied 'del_id' value into the SQL statement it executes, so a value that carries a conditional delay produces a measurable difference in response time; that delay both confirms the injection and serves as the oracle for time-based blind extraction.
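The following is an added illustration, not code from SourceCodester or from this advisory: the common PHP pattern that produces the behaviour described above (a POST parameter concatenated into a DELETE statement), beside a hardened version of the same handler. The table name 'tbl_slider', the 'id' column, the function names and the use of mysqli are assumptions made for the example; the advisory does not publish the affected source.

```php
<?php
// Added example, not the project's code. Table/column names are assumed.

// VULNERABLE: the raw POST value is interpolated into the statement.
// A value such as  1' AND SLEEP(5) AND '1'='1  makes the database pause,
// and the response delay is the only signal the attacker needs.
function delete_slider_vulnerable(mysqli $db, array $post): bool
{
    $del_id = $post['del_id'] ?? '';
    $sql = "DELETE FROM tbl_slider WHERE id = '" . $del_id . "'";
    return (bool) $db->query($sql);
}

// HARDENED: validate the type first, then bind it as an integer parameter
// so the value can never change the structure of the query.
function delete_slider_safe(mysqli $db, array $post): bool
{
    $del_id = filter_var(
        $post['del_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($del_id === false) {
        http_response_code(400);   // reject anything that is not a positive integer
        return false;
    }

    $stmt = $db->prepare("DELETE FROM tbl_slider WHERE id = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('i', $del_id);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}
```

In the hardened version the integer check is defence in depth; the prepared statement alone already removes the injection, because the bound value is sent separately from the query text. Note that the advisory does not state whether '/admin/app/slider_crud.php' is reachable without an authenticated admin session, so access control on that path should be verified separately when assessing exposure.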

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.