Primary

Context

SourceCodester AC Repair and Services System SQL Injection Vulnerability

Vulnerability

A critical SQL injection vulnerability has been identified in SourceCodester AC Repair and Services System version 1.0. The issue arises in the 'save_users' function within the '/classes/Users.php' file, where improper handling of the 'ID' argument allows for SQL injection. This vulnerability can be exploited remotely, without authentication.

Impact

Exploitation of this vulnerability allows for SQL injection, which could be used to manipulate database queries, potentially leading to unauthorized data access or modification.

Reproduction

The vulnerability can be reproduced by sending a request to the 'save_users' function in the '/classes/Users.php' file, with a crafted 'ID' argument that exploits the SQL injection flaw. Vulnerable targets can be found using Google Hacking by searching for 'inurl:classes/Users.php'.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SourceCodester AC Repair and Services System SQL Injection Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating