oretnom23 SourceCodester Apartment Visitor Management System SQL Injection Vulnerability

Vulnerability

A critical SQL injection vulnerability has been identified in the Apartment Visitor Management System by oretnom23, specifically in version 1.0. The issue arises in the file '/remove-apartment.php', where the 'id' parameter can be manipulated to inject malicious SQL queries. This vulnerability can be exploited remotely, allowing attackers to interfere with the application's database operations. The vulnerability has been publicly disclosed, and a proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability allows for unauthorized manipulation of the application's database. Attackers can read, modify, or delete database information, bypassing the application's security measures. Such actions could lead to a complete compromise of the application's data integrity and security.

Reproduction

To reproduce this vulnerability, send a request to the '/remove-apartment.php' endpoint with a crafted 'id' parameter that includes a SQL injection payload. The injected SQL code can manipulate the application's SQL query execution, exploiting the vulnerability.
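The root cause described above is request data reaching the SQL text of the delete query. The following PHP is an added illustration, not code from the oretnom23 project: the vulnerable form is an assumed reconstruction of the concatenation pattern, and the hardened form shows the standard fix (type validation plus a prepared statement). The connection variable, the table name `tblapartment` and the column `ID` are assumptions.

```php
<?php
// Added example for '/remove-apartment.php' (not the project's own code).
// Assumes a mysqli connection $con and a table `tblapartment` with an
// integer primary key `ID`; all of these names are hypothetical.

// --- Vulnerable pattern (assumed reconstruction): request data spliced into SQL ---
function remove_apartment_unsafe(mysqli $con): void
{
    $id = $_GET['id'];  // attacker-controlled, untyped string
    // $id becomes part of the SQL text, so quote characters and operators
    // inside it change the meaning of the statement.
    $con->query("DELETE FROM tblapartment WHERE ID='$id'");
}

// --- Hardened pattern: validate the type, then bind the value as a parameter ---
function remove_apartment_safe(mysqli $con): bool
{
    // 1. The id is a numeric key; reject anything that is not a positive integer.
    $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        http_response_code(400);
        return false;
    }

    // 2. Parameterised query: the value is sent separately from the SQL text,
    //    so the database never parses it as SQL, whatever it contains.
    $stmt = $con->prepare('DELETE FROM tblapartment WHERE ID = ?');
    if ($stmt === false) {
        error_log('prepare failed: ' . $con->error);
        return false;
    }
    $stmt->bind_param('i', $id);   // 'i' = bind as integer
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}
```

The integer validation alone would already block this particular injection; the prepared statement is the general control that also protects string-typed parameters elsewhere in the application.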

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 7.5
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.