SourceCodester Simple E-Learning System SQL Injection Vulnerability in User Profile Update Component

A SQL injection vulnerability has been identified in SourceCodester Simple E-learning System version 1.0. The issue arises in the user profile update handler, where the 'firstName' parameter is not properly sanitized before being used in SQL queries. This flaw allows authenticated attackers to inject malicious SQL, potentially leading to unauthorized database access, data exfiltration, and manipulation of database integrity. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows authenticated attackers to inject SQL commands through the 'firstName' parameter, leading to various forms of SQL injection, including error-based, boolean-based blind, and time-based blind SQL injection. This could result in unauthorized access to the database, extraction of sensitive data such as user credentials, and modification or deletion of database records.

Reproduction

To reproduce this vulnerability, log into the application with valid credentials and navigate to the user profile update section. Use a tool like 'sqlmap' to exploit the vulnerability by injecting SQL payloads into the 'firstName' parameter of the POST request.