Campcodes Online Learning Management System SQL Injection Vulnerability in Login Admin Panel

A SQL injection vulnerability has been identified in Campcodes Online Learning Management System version 1.0. The issue resides in the admin login file, specifically within the username parameter. This vulnerability allows remote attackers to inject malicious SQL queries, potentially leading to unauthorized database access, data manipulation, and exposure of sensitive information. The vulnerability arises from inadequate input validation, allowing attackers to exploit the SQL query execution process.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL commands, appended to the original SQL query of the vulnerable endpoint. This could lead to unauthorized data access, data modification or deletion, and in some cases, executing administrative operations on the database.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/lms/admin/login.php' endpoint with a crafted 'username' parameter that includes malicious SQL payloads. This can be done using tools like sqlmap, which automates the process of finding and exploiting SQL injection vulnerabilities.

Remediation

To address this vulnerability, it is recommended to implement prepared statements and parameter binding to separate SQL code from user input. Additionally, input validation and filtering should be applied to ensure data conforms to expected formats. Minimizing database user permissions and conducting regular security audits can further enhance the application's security.