SourceCodester AC Repair and Services System SQL Injection Vulnerability in manage_service.php
Vulnerability
A critical SQL injection vulnerability has been identified in SourceCodester AC Repair and Services System version 1.0. The issue resides in the file /admin/services/manage_service.php, where the manipulation of the 'ID' argument allows for SQL injection. This vulnerability can be exploited remotely without any authentication.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to the database. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a request to the /admin/services/manage_service.php file with a crafted 'ID' argument that exploits the application's SQL query handling. The lack of input validation allows for the injection of malicious SQL code, which the database will execute. This vulnerability can be discovered using Google Hacking by searching for 'inurl:admin/services/manage_service.php'.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.