SourceCodester Simple Barangay Management System SQL Injection Vulnerability

A SQL injection vulnerability has been identified in SourceCodester Simple Barangay Management System version 1.0. The issue resides in the admin section, specifically within the view_clearance page. The vulnerability allows attackers to manipulate SQL queries by injecting arbitrary SQL code, potentially leading to unauthorized data access or modification.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, navigate to the admin panel and access the view_clearance page. Inject a SQL payload into the 'id' parameter of the request. For example, use a payload that includes a SQL injection, such as '1' union select 1,2,3,4,sqlite_version(),6,7,8,9,10, which exploits the application's SQL query handling by injecting additional SQL commands.