Code-Projects Simple Shopping Cart SQL Injection Vulnerability in Admin AddItems.php

A SQL injection vulnerability has been identified in Code-Projects Simple Shopping Cart version 1.0, specifically in the Admin/additems.php file. This issue arises from inadequate validation of user input in the 'MULTIPART item_name' parameter, allowing attackers to inject malicious SQL queries. Exploitation of this vulnerability could lead to unauthorized database access, data manipulation, and exposure of sensitive information. Notably, this vulnerability can be exploited remotely without any authentication.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to manipulate database queries. This could result in unauthorized data access, data modification or deletion, and execution of arbitrary code through uploaded files, according to the GitHub advisory.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/Admin/additems.php' endpoint with crafted multipart form data. The 'item_name' parameter should be manipulated to include SQL injection payloads, such as boolean-based or time-based blind injection techniques. Additionally, the 'item_image' parameter can be used to upload a PHP file that executes injected code.

Remediation

It is recommended to use prepared statements and parameter binding to prevent SQL injection, validate and filter user input, minimize database user permissions, and conduct regular security audits.