SourceCodester Malawi Online Market SQL Injection Vulnerability
Vulnerability
A critical SQL injection vulnerability has been identified in SourceCodester Malawi Online Market version 1.0. The issue arises in the file '/display.php', where insufficient input validation of the 'id' parameter allows remote attackers to inject malicious SQL queries. This vulnerability could be exploited to gain unauthorized access to the database, manipulate or delete data, and retrieve sensitive information.
Impact
Exploitation of this vulnerability allows for SQL injection, enabling attackers to interfere with the application's database queries. This could lead to unauthorized data access, data manipulation or deletion, and in some cases, executing administrative operations on the database.
Reproduction
The vulnerability can be reproduced by sending a crafted request to the '/display.php' file with a manipulated 'id' parameter. This can be done using a web browser or a tool like Burp Suite. The injected SQL payload can then exploit the application's database query handling, bypassing any existing security measures.
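The defect the advisory describes, interpolating the unvalidated 'id' parameter into a query string, is shown below beside the hardened form. This is an added illustration, not SourceCodester's code; the table and column names, the mysqli connection details and the exact query are assumptions.

```php
<?php
// Added illustration, not the project's code. The "products" table, its
// columns, the database name and the credentials are assumptions.

// Vulnerable pattern: the untrusted 'id' value is concatenated straight into
// the SQL text, so whatever the client sends is parsed as part of the query.
function display_vulnerable(mysqli $conn, array $get): ?array
{
    $id  = $get['id'] ?? '';
    $sql = "SELECT id, name, price FROM products WHERE id = '$id'";
    $result = $conn->query($sql);
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

// Hardened pattern: reject anything that is not a positive integer, then pass
// the value as a bound parameter so the database never treats it as SQL.
function display_hardened(mysqli $conn, array $get): ?array
{
    $id = filter_var(
        $get['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        http_response_code(400);   // malformed id: refuse rather than query
        return null;
    }
    $stmt = $conn->prepare('SELECT id, name, price FROM products WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Assumed connection settings; replace with the deployment's own.
$conn = new mysqli('localhost', 'app_user', 'app_password', 'malawi_market');
$conn->set_charset('utf8mb4');

$row = display_hardened($conn, $_GET);
// Output-encode what is echoed back so a stored value cannot become markup.
echo $row ? htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') : 'Not found';
```

The hardened version also validates the type before the query runs, so a request with a non-numeric 'id' is answered with HTTP 400 and never reaches the database, which is the point at which a WAF or application log should record the attempt.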
