SourceCodester Simple Barangay Management System SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability exists in SourceCodester Simple Barangay Management System version 1.0. The issue is located in the admin panel, specifically within the view_household page of the barangay_management module. The vulnerability allows attackers to manipulate SQL queries by injecting malicious payloads, potentially leading to unauthorized data access or manipulation.
Impact
Exploiting this flaw lets an attacker interfere with the queries the application sends to its database. This can lead to unauthorized data access, data manipulation, or, in some cases, execution of administrative operations on the database.
Reproduction
To reproduce this vulnerability, navigate to the admin panel and open the view_household page within the barangay_management module. Inject a SQL payload into the id parameter of the request, for example ' union select 1,2,3,4,5,6,sqlite_version(),8,9,10,11,12--+. The application passes the parameter into its SQL query without sanitization, so the injected statement is executed, demonstrating the vulnerability.
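The following is an added example, not code from SourceCodester or from the advisory: it models the defect in a self-contained SQLite database so the vulnerable pattern can be contrasted with its fix and a log check can be exercised. The table schema, the row it contains, and the log query string are constructed for the demonstration; the real household schema is not on the page and is assumed here only to the extent implied by the advisory's payload, which unions twelve values and therefore requires the original query to select twelve columns. The payload itself is the one quoted above.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# The advisory's payload, verbatim. SQLite treats everything from "--" to the
# end of the line as a comment, so the trailing "+'" is discarded.
PAYLOAD = "' union select 1,2,3,4,5,6,sqlite_version(),8,9,10,11,12--+"

# Constructed access-log query string: the same payload URL-encoded as a
# browser would send it to the view_household page.
LOG_QUERY = (
    "page=view_household&id=%27+union+select+1%2C2%2C3%2C4%2C5%2C6"
    "%2Csqlite_version%28%29%2C8%2C9%2C10%2C11%2C12--%2B"
)


def make_db():
    """Build an in-memory stand-in for the household table (assumed schema).

    Twelve columns are used because the payload unions twelve values; a UNION
    only parses when both sides have the same column count.
    """
    conn = sqlite3.connect(":memory:")
    extra = ", ".join(f"c{i} TEXT" for i in range(2, 13))
    conn.execute(f"CREATE TABLE household (id INTEGER, {extra})")
    conn.execute(
        "INSERT INTO household VALUES (1, 'Dela Cruz', 'Purok 1', 'f3', 'f4', "
        "'f5', 'f6', 'f7', 'f8', 'f9', 'f10', 'f11')"
    )
    conn.commit()
    return conn


def view_household_vulnerable(conn, household_id):
    """Vulnerable pattern: the id parameter is spliced into the SQL text.

    A quote in the input closes the literal and the remainder is parsed as SQL,
    so the UNION appends an attacker-chosen row to the result set.
    """
    sql = f"SELECT * FROM household WHERE id = '{household_id}'"
    return conn.execute(sql).fetchall()


def view_household_fixed(conn, household_id):
    """Hardened form: validate the type, then bind the value with a placeholder.

    The driver sends the parameter separately from the statement, so it can
    never be interpreted as SQL regardless of its content.
    """
    try:
        hid = int(household_id)
    except (TypeError, ValueError):
        return []
    return conn.execute("SELECT * FROM household WHERE id = ?", (hid,)).fetchall()


# Detection heuristic for web-server logs (constructed for this example):
# flag requests whose id parameter is not a plain integer and contains a
# UNION ... SELECT sequence after URL decoding.
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.IGNORECASE | re.DOTALL)


def is_suspicious_request(query_string):
    # parse_qs URL-decodes values, turning "+" into a space and %27 into "'".
    params = parse_qs(query_string, keep_blank_values=True)
    for value in params.get("id", []):
        if not value.strip().isdigit() and UNION_RE.search(value):
            return True
    return False


def run_demo():
    """Exercise both query styles and the log check; return a result summary."""
    conn = make_db()
    leaked = view_household_vulnerable(conn, PAYLOAD)
    blocked = view_household_fixed(conn, PAYLOAD)
    legit = view_household_fixed(conn, "1")
    return {
        # Column 7 (index 6) of the unioned row carries the database version.
        "vulnerable_leaks_version": len(leaked) == 1
        and leaked[0][6] == sqlite3.sqlite_version,
        "fixed_rejects_payload": blocked == [],
        "fixed_serves_legit_id": len(legit) == 1 and legit[0][1] == "Dela Cruz",
        "log_payload_flagged": is_suspicious_request(LOG_QUERY),
        "log_benign_not_flagged": not is_suspicious_request(
            "page=view_household&id=1"
        ),
    }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```

Running the module prints one line per check. The fix is the placeholder binding; the integer cast is a belt-and-braces input validation that also gives the application a clean place to reject malformed ids. The log heuristic is deliberately narrow and will miss encoded or obfuscated variants; it is a starting point for a detection rule, not a substitute for the code fix.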
