Code-Projects Online Bus Reservation System SQL Injection Vulnerability

A critical SQL injection vulnerability has been identified in Code-Projects Online Bus Reservation System version 1.0. The issue arises in the file print.php, where the ID parameter is not properly sanitized before being used in SQL queries. This lack of filtration allows attackers to inject malicious SQL statements, potentially compromising the application's database. The vulnerability can be exploited remotely, and details of the exploit have been made public.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request to print.php with an unsanitized ID parameter. The injection can be verified by using payloads that, for example, cause a SQL error or delay the response, indicating that the injected SQL code was executed.