SourceCodester Pizzafy Ecommerce System SQL Injection Vulnerability

A critical error-based SQL injection vulnerability has been identified in SourceCodester Pizzafy Ecommerce System version 1.0. The issue arises in the 'get_cart_count' function within '/admin/ajax.php?action=get_cart_count'. The vulnerability allows attackers to manipulate the 'id' parameter, injecting malicious SQL that is executed by the database. This flaw can be exploited remotely, without authentication, and has been publicly disclosed along with a proof-of-concept exploit.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification or deletion, and could disrupt the application's availability. Additionally, session data extraction could be used to escalate privileges, such as gaining administrative access.

Reproduction

To reproduce this vulnerability, send a GET request to '/pizzafy/admin/ajax.php?action=get_cart_count' with an injected SQL payload in the 'id' parameter. The injection can be crafted to exploit the error-based SQL injection vulnerability by, for example, using the 'extractvalue' function to retrieve database information.

Remediation

It is recommended to update the code to use prepared statements for database queries, which can prevent SQL injection vulnerabilities. Additionally, input validation should be implemented to sanitize user inputs before processing them in SQL queries.