QueryMine SMS SQL Injection Vulnerability in Course Deletion Function

Vulnerability

A SQL injection vulnerability has been identified in QueryMine SMS versions prior to 7ab5a9ea196209611134525ffc18de25c57d9593. The issue resides in the admin/deletecourse.php file, specifically within the GET request parameter handler. The vulnerability arises because the application does not properly validate or sanitize the 'id' parameter before using it in an SQL deletion query. This lack of parameterization allows for malicious manipulation of the SQL command, potentially leading to unauthorized data access or modification. The vulnerability can be exploited remotely, without any authentication requirements.

Impact

Exploitation of this vulnerability allows for arbitrary SQL injection, which could be used to manipulate the database, such as deleting courses without authorization. This could result in significant data loss and disruption of system functionality.

Reproduction

To reproduce this vulnerability, log into the application and create a test course. Then, send a GET request to the admin/deletecourse.php file, including the 'id' parameter of the course to be deleted. The request can be made without any authentication cookies, bypassing login requirements. After the request is processed, the course will be deleted from the database, confirming the successful exploitation of the vulnerability.
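
The three controls whose absence the sections above describe (a session check, validation of 'id', and a parameterized DELETE) are shown together in the following added example, which is not QueryMine SMS code. The table name courses, the column id, the session key admin_id, the function name delete_course and the use of PDO with an in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
// Added example: hardened handler for a course-deletion endpoint.
// Assumptions (not from the QueryMine SMS code): table `courses`, column `id`,
// session key `admin_id`, PDO as the database layer.

// Assumed shape of the pattern the advisory describes, kept as a comment:
//   $db->exec("DELETE FROM courses WHERE id = " . $_GET['id']);
// The value is concatenated into the statement and no session is checked.

function delete_course(PDO $db, array $session, array $query): array
{
    // 1. Authentication: reject requests that carry no admin session.
    if (empty($session['admin_id'])) {
        return [401, 'authentication required'];
    }

    // 2. Validation: the id must be a positive integer, nothing else.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, 'invalid course id'];
    }

    // 3. Parameterization: the id is bound as data, never parsed as SQL.
    $stmt = $db->prepare('DELETE FROM courses WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount() === 1 ? [200, 'course deleted'] : [404, 'no such course'];
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE courses (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO courses (id, name) VALUES (1, 'Algebra'), (2, 'Biology')");

$cases = [
    'no session'       => [[], ['id' => '1']],
    'non-integer id'   => [['admin_id' => 7], ['id' => '1abc']],
    'valid admin call' => [['admin_id' => 7], ['id' => '1']],
];
foreach ($cases as $label => [$session, $query]) {
    [$status, $message] = delete_course($db, $session, $query);
    printf("%-16s -> %d %s\n", $label, $status, $message);
}
printf("rows left: %d\n", $db->query('SELECT COUNT(*) FROM courses')->fetchColumn());
```

In a real handler the session array would come from $_SESSION after session_start(), and a state-changing action such as deletion is better served by POST with a CSRF token than by GET.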

Added: Apr 17, 2026, 2:22 PM
Updated: Apr 17, 2026, 2:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 8.7
remediation: 0.0
relevance: 6.1
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.