Code-Projects Refugee Food Management System SQL Injection Vulnerability

A SQL injection vulnerability exists in Code-Projects Refugee Food Management System version 1.0, specifically within the file '/home/regfood.php'. The vulnerability arises because the application improperly sanitizes the 'a' parameter before using it in SQL queries. This flaw allows attackers to inject malicious SQL code, manipulate database queries, and execute unauthorized database operations. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

The vulnerability can be reproduced by sending a POST request to 'regfood.php' with the 'a' parameter manipulated to include SQL injection payloads. The injection point has been identified as the 'a' parameter in the POST data.