Code-Projects Student File Management System SQL Injection Vulnerability in Delete User Function

A SQL injection vulnerability exists in Code-Projects Student File Management System version 1.0, specifically within the admin/delete_user.php file. The vulnerability arises because the user_id POST parameter is directly included in SQL queries without adequate validation or sanitization. This flaw allows remote attackers to inject malicious SQL code, potentially leading to unauthorized database access, data manipulation or deletion, and further system compromise. Exploitation does not require authentication, but the vulnerability could be exploited by an authenticated user with administrative privileges.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries. This could lead to unauthorized data access, data modification or deletion, and potentially allow the attacker to execute additional malicious actions on the system by exploiting the database access.

Reproduction

To reproduce this vulnerability, send a POST request to the admin/delete_user.php file with a crafted user_id parameter that includes SQL injection payloads. The injection can be boolean-based blind, time-based blind, or a UNION query that extracts data from the database.

Remediation

It is recommended to use prepared statements and parameter binding to prevent SQL injection. Additionally, input validation and filtering should be implemented to ensure that user input meets expected formats, and database user permissions should be minimized to the least required for operations.