Sourcecodester Computer and Mobile Repair Shop Management System SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Sourcecodester Computer and Mobile Repair Shop Management System version 1.0. The issue resides in the file manage_client.php, located within the admin/clients directory. The vulnerability allows attackers to manipulate SQL queries by injecting malicious payloads, potentially leading to unauthorized data access or manipulation.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, log into the application with an account that has administrative privileges. Navigate to the 'Manage Client' section under 'Clients' in the admin panel. The vulnerability can be exploited by sending a crafted HTTP GET request to manage_client.php, including a SQL injection payload in the 'id' parameter. The injected SQL code can be used to extract database information, demonstrating the successful exploitation of the SQL injection flaw.