Code-Projects Contact Management System SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in Code-Projects Contact Management System version 1.0. The issue arises in the file index.py, where the argument selecteditem[0] is improperly handled, allowing for SQL injection. This vulnerability can be exploited remotely, potentially leading to unauthorized manipulation or deletion of data in the application's local SQLite database, pythontut.db, which contains personal information.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to the database. This could result in unauthorized data deletion, modification, or exposure of personal information stored in the database.
Reproduction
The vulnerability can be reproduced by manipulating the selecteditem[0] argument in the Contact Management System's user interface. This can be done by tampering with the UI data or an input source that populates the selection tree. Once the argument is manipulated, the application will execute the crafted SQL injection against the local SQLite database.
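The defect described above (a selected tree value spliced into SQL text) and its fix, shown as an added example; this is not code from the Code-Projects project, and the table name, columns and function names are assumptions standing in for the real index.py and pythontut.db. A legitimate name containing an apostrophe is enough to show why the string-built query is unsafe: the value becomes SQL syntax, while the parameterized query treats it purely as data.

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for pythontut.db; schema is an assumption.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT, phone TEXT)"
    )
    conn.executemany(
        "INSERT INTO contacts (id, name, phone) VALUES (?, ?, ?)",
        [(1, "Alice", "555-0100"), (2, "O'Brien", "555-0101"), (3, "Bob", "555-0102")],
    )
    conn.commit()
    return conn


def delete_contact_unsafe(conn, selected_name):
    # The pattern the advisory describes: the selected item is formatted
    # straight into the statement, so quotes in the value alter the SQL.
    conn.execute("DELETE FROM contacts WHERE name = '%s'" % selected_name)
    conn.commit()


def delete_contact_safe(conn, selected_name):
    # Hardened form: the value is bound as a parameter and never parsed as SQL.
    cur = conn.execute("DELETE FROM contacts WHERE name = ?", (selected_name,))
    conn.commit()
    return cur.rowcount


def remaining_names(conn):
    return [row[0] for row in conn.execute("SELECT name FROM contacts ORDER BY id")]


def demo():
    """Run both variants on the same input and report what each did."""
    results = {}

    conn = make_db()
    try:
        delete_contact_unsafe(conn, "O'Brien")
        results["unsafe_error"] = None
    except sqlite3.OperationalError as exc:
        # The apostrophe terminates the string literal early; SQLite rejects
        # the mangled statement, which is the visible symptom of the defect.
        results["unsafe_error"] = type(exc).__name__
    results["unsafe_remaining"] = remaining_names(conn)

    conn = make_db()
    results["safe_rowcount"] = delete_contact_safe(conn, "O'Brien")
    results["safe_remaining"] = remaining_names(conn)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same parameter-binding change applies to every statement in the application that interpolates a UI value; binding is what closes the issue, whereas escaping or filtering quotes only addresses the symptom shown here.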
