Code-Projects News-Buzz Content Management System SQL Injection Vulnerability in Users Management File

A critical SQL injection vulnerability has been identified in Code-Projects News-Buzz version 1.0, specifically within the Content Management System. The issue arises in the file '/admin/users.php', where the 'delete' parameter can be manipulated to execute unauthorized SQL commands. This vulnerability can be exploited remotely, potentially leading to unauthorized data access or modification.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

The vulnerability can be reproduced by sending a GET request to '/admin/users.php' with the 'delete' parameter. The request should include a payload that exploits the SQL injection vulnerability, such as one that causes a time-based blind SQL injection or an error-based SQL injection, depending on the injection technique used.