Needyamin Library Card System SQL Injection Vulnerability in card.php

Vulnerability

A critical SQL injection vulnerability has been identified in Needyamin Library Card System version 1.0. The issue arises in the file card.php, where the id parameter can be manipulated to execute arbitrary SQL commands. This vulnerability can be exploited remotely, potentially leading to unauthorized access to user data, database leaks, and exposure of admin panel credentials.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to interfere with the application's database queries. This could result in unauthorized data access, data manipulation, or, in some cases, the execution of administrative operations within the application.

Reproduction

The vulnerability can be reproduced by sending a request to card.php with a crafted id parameter that includes a SQL injection payload. The payload appended to the id parameter becomes part of the SQL statement and manipulates the application's database queries.
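
The class of bug described above, shown next to its fix, as an added example that is not code from card.php or from the project. The cards table, its columns, the function names, the in-memory SQLite database and the assumption that id is a positive integer are all hypothetical, since the page does not show the affected query.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the application's database (in-memory SQLite).
// Table and column names are assumptions; the page does not show the schema.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE cards (id INTEGER PRIMARY KEY, holder TEXT)');
    $pdo->exec("INSERT INTO cards (id, holder) VALUES (1, 'alice'), (2, 'bob')");
    return $pdo;
}

// Pattern that produces this class of bug: request input concatenated
// straight into the SQL text, so the input can change the query's logic.
function find_card_unsafe(PDO $pdo, string $id): array
{
    return $pdo->query("SELECT id, holder FROM cards WHERE id = $id")
               ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate id as a positive integer (assumed type),
// then pass it as a bound parameter so it is never parsed as SQL.
function find_card_safe(PDO $pdo, string $id): array
{
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return [];   // reject anything that is not a plain positive integer
    }
    $stmt = $pdo->prepare('SELECT id, holder FROM cards WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = demo_db();
$tampered = '1 OR 1=1';   // constructed test input for the id parameter

// Compare how many rows each version returns for a normal and a tampered id.
printf("unsafe, id=1:        %d row(s)\n", count(find_card_unsafe($pdo, '1')));
printf("unsafe, tampered id: %d row(s)\n", count(find_card_unsafe($pdo, $tampered)));
printf("safe,   id=1:        %d row(s)\n", count(find_card_safe($pdo, '1')));
printf("safe,   tampered id: %d row(s)\n", count(find_card_safe($pdo, $tampered)));
```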

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.