Code-Projects Food Distributor Site SQL Injection Vulnerability
Vulnerability
A critical SQL injection vulnerability has been identified in Code-Projects Food Distributor Site version 1.0. The issue arises in the file '/admin/process_login.php', where the 'username' and 'password' parameters can be manipulated to execute unauthorized SQL commands. This vulnerability can be exploited remotely without authentication, potentially compromising the application's database by allowing attackers to read, modify, or delete data.
Impact
Successful exploitation lets an attacker run unauthorized SQL against the application's database, which could lead to database manipulation or extraction of sensitive information.
Reproduction
The vulnerability can be reproduced by sending a request to the '/admin/process_login.php' endpoint with crafted 'username' and 'password' parameters that include SQL injection payloads. This can be done using a tool like Burp Suite or through a simple HTTP request script.
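The page does not show the source of '/admin/process_login.php'. As an added example that is not the project's own code, the handler below keeps the 'username' and 'password' values out of the SQL text by using a prepared statement and a stored password hash. The admins table, its columns, the check_login function, and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
// Added example, not the project's code. Table, column and function names are assumptions.
declare(strict_types=1);

/**
 * Check a login without ever building SQL from request data.
 */
function check_login(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps $username as a bound value: quotes or SQL
    // keywords inside it cannot change the structure of the statement.
    $stmt = $db->prepare('SELECT password_hash FROM admins WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no row matches

    // The password never enters SQL; it is only compared against the stored hash.
    // A dummy hash keeps the work similar when the user does not exist.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $matches = password_verify($password, $hash === false ? $dummy : $hash);

    return $hash !== false && $matches;
}

// Constructed in-memory database standing in for the application's real backend.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO admins (username, password_hash) VALUES (?, ?)');
$insert->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: a valid login, a wrong password, and values carrying
// SQL metacharacters, which must be treated as plain data and rejected.
$cases = [
    ['admin', 'correct horse'],
    ['admin', 'wrong'],
    ["admin' -- ", 'anything'],
    ['admin', "' OR '1'='1"],
];
foreach ($cases as [$user, $pass]) {
    $result = check_login($db, $user, $pass) ? 'accepted' : 'rejected';
    printf("%-14s %-16s => %s\n", json_encode($user), json_encode($pass), $result);
}
```

Only the first case is accepted. The other three are rejected because the bound values are compared as data and never parsed as SQL.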
