SourceCodester Food Ordering Management System SQL Injection Vulnerability in View Menu Endpoint
Vulnerability
A critical SQL injection vulnerability has been identified in SourceCodester Food Ordering Management System versions through 1.0. The issue resides in the admin menus view_menu.php file, where the ID parameter can be manipulated to execute arbitrary SQL commands. This vulnerability can be exploited remotely.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, log into the application as an admin. Navigate to the menu list page and select the 'View' option for any menu item. Once the view_menu.php page is loaded, modify the URL to include a crafted SQL injection payload in the ID parameter. The response will reveal the database version, indicating successful exploitation.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.