Code-Projects Simple Stock System SQL Injection Vulnerability in Logout.php

A SQL injection vulnerability exists in Code-Projects Simple Stock System version 1.0, specifically within the logout.php file. The issue arises because the uname parameter can be manipulated to inject malicious SQL code. This unsanitized input is directly used in SQL queries, allowing attackers to alter the queries and execute unauthorized database operations. The vulnerability can be exploited remotely without any authentication.

Impact

Exploitation of this vulnerability allows attackers to interfere with database queries, potentially leading to unauthorized data access, data manipulation, or execution of administrative operations on the database. Such actions could compromise the entire application and its data integrity.

Reproduction

To reproduce this vulnerability, send a GET request to the logout.php file with a crafted uname parameter that includes SQL injection payloads. The injected SQL code will be executed by the application, manipulating the database as intended by the attacker.

Remediation

It is recommended to use prepared statements and parameterized queries to prevent SQL injection. Additionally, input validation and sanitization should be implemented to ensure that user inputs do not contain malicious content. Minimizing database user permissions can also help reduce the impact of a successful injection.