Online Artwork and Fine Arts SQL Injection Vulnerability in Cancel Booking Page
Vulnerability
A SQL injection vulnerability has been identified in the Online Artwork and Fine Arts MCA Project version 1.0. The issue resides in the 'id2' parameter of the 'cancel_booking.php' page. This vulnerability allows remote attackers to inject arbitrary SQL queries, which could lead to database enumeration and potentially allow for remote code execution.
Impact
Exploitation of this vulnerability could result in unauthorized database access, allowing attackers to read, modify, or delete database information. Additionally, according to the discoverer, this vulnerability could be exploited to execute arbitrary code on the server.
Reproduction
To reproduce this vulnerability, send a request to the 'cancel_booking.php' page with a crafted 'id2' parameter that includes SQL injection payloads. The injected SQL code can manipulate the original SQL query, potentially leading to unauthorized data access or execution of malicious code.
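The fix for this class of bug, as an added example (not code from the advisory or from the project): validate 'id2' as a plain integer, then pass it to the database as a bound parameter so the value is never parsed as SQL. The `booking` table, its columns, the function names and the in-memory SQLite database standing in for the real one are assumptions, since the advisory shows neither the schema nor the source.

```php
<?php
// Added example: hardened handling of the 'id2' parameter.
// Hypothetical schema (booking.id, booking.status); not the project's own code.
declare(strict_types=1);

// Accept only a positive decimal integer supplied as a string; reject everything else.
function parse_booking_id($raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,9}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Cancel one booking with a prepared statement; returns the number of rows changed.
function cancel_booking(PDO $db, int $id): int
{
    $stmt = $db->prepare('UPDATE booking SET status = :status WHERE id = :id');
    $stmt->bindValue(':status', 'cancelled', PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (stand-in for the real DB).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE booking (id INTEGER PRIMARY KEY, status TEXT)');
$db->exec("INSERT INTO booking (id, status) VALUES (1, 'active'), (2, 'active')");

// Constructed inputs: one well-formed id, then values that are not plain integers,
// including the array PHP produces for a request parameter written as id2[]=2.
foreach (['2', '2abc', '-1', '', ['2']] as $raw) {
    $id = parse_booking_id($raw);
    if ($id === null) {
        echo 'rejected: ' . json_encode($raw) . "\n"; // a real handler would return HTTP 400
        continue;
    }
    echo "rows cancelled for id $id: " . cancel_booking($db, $id) . "\n";
}
```

A real handler should also confirm that the booking belongs to the logged-in user before cancelling it; the bound parameter only stops the value from changing the query's structure.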
