Code-Projects Online Product Reservation System SQL Injection Vulnerability in Cart Update Handler

A critical SQL injection vulnerability has been identified in the Online Product Reservation System version 1.0, specifically within the Cart Update Handler component. The issue arises in the file '/app/checkout/update.php', where POST parameters 'id' and 'qty' are directly concatenated into SQL UPDATE and SELECT queries without proper validation. This vulnerability allows remote attackers to manipulate the cart data and extract sensitive product information. The lack of input validation, use of deprecated SQL functions, and direct exposure of database errors further exacerbate the issue.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a POST request to '/app/checkout/update.php' with the 'id' and 'qty' parameters. The application will process these parameters without validation, allowing for SQL injection through the concatenation of the parameter values into SQL queries. This can be automated with tools like SQLMap.