SourceCodester Pizzafy Ecommerce System SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in SourceCodester Pizzafy Ecommerce System version 1.0. The issue arises in the delete_cart function within the file /admin/ajax.php?action=delete_cart. The vulnerability allows error-based SQL injection: an attacker can manipulate the id parameter to inject SQL into the query the function builds. The flaw can be exploited remotely, and an exploit is publicly available.

Impact

Exploitation of this vulnerability allows attackers to perform error-based SQL injection, potentially leading to unauthorized data access, manipulation, or deletion within the application's database. Additionally, such exploitation could cause a denial-of-service condition by disrupting normal database operations.

Reproduction

To reproduce this vulnerability, send a POST request to /pizzafy/admin/ajax.php?action=delete_cart with an injected SQL payload in the id parameter. The injection can exploit the application's SQL query handling by, for example, using the extractvalue() function to retrieve database information through error messages.

Remediation

It is recommended to update the delete_cart function to properly sanitize the id parameter, use prepared statements for database queries, and implement input validation to ensure only expected values are processed. Additionally, review and restrict database user permissions to minimize the impact of potential SQL injection attacks.
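The following is an added example, not code from the Pizzafy project, showing the remediation above applied to a delete_cart-style handler: the vulnerable string-concatenation pattern the advisory describes is shown beside a hardened version that validates id as a positive integer, binds it through a prepared statement, and returns a generic message instead of the database error text that error-based injection relies on. The table name `cart`, the column `id`, the response shape and the connection details are assumptions for illustration.

```php
<?php
// Added example (not the Pizzafy project's own code). Table name `cart`,
// column `id` and the connection details are assumptions.

// Make mysqli throw exceptions so failures are handled in one place and
// never echoed raw to the client.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Vulnerable pattern the advisory describes: the request value is spliced into
// the SQL text, so non-numeric input becomes part of the query, and any MySQL
// error message that reaches the client can be used for error-based injection.
function delete_cart_vulnerable(mysqli $conn, string $id): bool
{
    $sql = "DELETE FROM cart WHERE id = " . $id; // never do this
    return (bool) $conn->query($sql);
}

// Hardened version: validate, bind, and fail closed with a generic message.
function delete_cart_safe(mysqli $conn, $rawId): array
{
    // Input validation: only a positive integer is an acceptable cart id.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return ['status' => 'error', 'message' => 'invalid id'];
    }

    try {
        // Prepared statement: the value travels separately from the query text,
        // so the database never parses it as SQL.
        $stmt = $conn->prepare('DELETE FROM cart WHERE id = ?');
        $stmt->bind_param('i', $id);
        $stmt->execute();
        $affected = $stmt->affected_rows;
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        // Log details server-side only; the client gets no SQL error text.
        error_log('delete_cart failed: ' . $e->getMessage());
        return ['status' => 'error', 'message' => 'request failed'];
    }

    return ['status' => $affected > 0 ? 'deleted' : 'not_found'];
}

// Endpoint wiring for an admin/ajax.php-style action (assumed structure).
// Least privilege: the account used here should hold only the DELETE (and any
// SELECT) rights the cart feature needs, not broad privileges on the schema.
if (PHP_SAPI !== 'cli') {
    $conn = new mysqli('localhost', 'pizzafy_app', 'app-password-placeholder', 'pizzafy');
    header('Content-Type: application/json');
    echo json_encode(delete_cart_safe($conn, $_POST['id'] ?? ''));
}
```

Because FILTER_VALIDATE_INT rejects anything that is not a whole number, a payload carrying extractvalue() or a quoted string never reaches the prepare() call; and because the handler catches mysqli_sql_exception and logs it rather than printing it, a query that does fail for other reasons yields no error text for an attacker to read.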

Added: Apr 28, 2026, 6:21 AM
Updated: Apr 28, 2026, 6:21 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 8.7
remediation: 0.0
relevance: 6.9
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.