SourceCodester Pizzafy Ecommerce System SQL Injection Vulnerability

Vulnerability

A critical SQL injection vulnerability has been identified in SourceCodester Pizzafy Ecommerce System version 1.0. The issue arises in the 'Category' function, reachable at 'pizza/index.php?page=category', where the 'id' parameter is used in a database query without adequate validation or sanitization. A remote attacker who supplies SQL syntax in this parameter can alter the query the application executes against its database. The vulnerability has been publicly disclosed and no patch is available.

Impact

Exploitation of this vulnerability gives an attacker error-based SQL injection: because the application returns database error messages to the client, query results can be read back through those messages. Potential impacts include extraction of database contents (schema, table rows, stored credentials), manipulation or deletion of records where the database account permits writes, and unauthorized privilege escalation when credentials or session data obtained from the database are used to take over accounts.

Reproduction

The vulnerability can be reproduced by sending a GET request to 'pizza/index.php?page=category' with an 'id' value that carries an SQL injection payload. Since the application exposes database error messages in its response, the payload can be crafted so that the error text reveals query results, allowing sensitive information to be extracted one fragment at a time (error-based extraction). A simple syntax-breaking value in 'id' is enough to confirm the behaviour if the response contains a raw database error.

Remediation

To address this vulnerability, the 'id' parameter should be bound to the query through a prepared statement rather than concatenated into the SQL text; this is the change that removes the injection. In addition, the parameter should be validated as a positive integer before use, the application's database account should be restricted to the privileges it actually needs so that a remaining flaw cannot modify or delete data, raw database errors should be logged server-side and replaced with a generic message in the response so that the error-based channel is closed, unusual access patterns should be monitored, and regular security testing should be carried out.
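The following Python model is added here as an illustration; it is not code from the Pizzafy project (which is written in PHP). It reproduces on an in-memory SQLite database both the pattern described under Reproduction, where the raw 'id' value is spliced into the query, and the fix described under Remediation, where the value is validated as an integer, bound as a query parameter, and database errors are no longer echoed to the client. The schema, rows, request values and function names are constructed assumptions. SQLite lacks the MySQL error functions that error-based extraction normally abuses, so the model shows the error-disclosure channel itself (a handler that returns the raw database error) together with tautology and UNION payloads, rather than a live extraction payload.

```python
import re
import sqlite3

# Constructed sample schema and rows that stand in for the shop's database.
# The table and column names are assumptions for this model; they are not
# taken from the Pizzafy source.
SCHEMA = """
CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL,
                    password_hash TEXT NOT NULL);
INSERT INTO categories VALUES (1, 'Classic'), (2, 'Vegetarian'), (3, 'Specials');
INSERT INTO users VALUES (1, 'admin', 'hash_of_admin_password'),
                         (2, 'alice', 'hash_of_alice_password');
"""


def build_db():
    """In-memory SQLite database loaded with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_category_lookup(conn, raw_id):
    """The flawed pattern: the untrusted ?id= value is spliced into the SQL text.

    Whatever the client sends becomes part of the statement, so the query
    the database runs is under the client's control.
    """
    sql = "SELECT id, name FROM categories WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


class InvalidCategoryId(ValueError):
    """Raised when ?id= is not a plain positive integer."""


def validate_id(raw_id):
    """Accept only an ASCII positive integer; anything else is rejected
    before it gets anywhere near the database."""
    if not isinstance(raw_id, str) or not re.fullmatch(r"[1-9][0-9]*", raw_id):
        raise InvalidCategoryId(raw_id)
    return int(raw_id)


def safe_category_lookup(conn, raw_id):
    """The hardened pattern: validate, then bind the value as a parameter so
    the database never interprets it as SQL."""
    category_id = validate_id(raw_id)
    return conn.execute(
        "SELECT id, name FROM categories WHERE id = ?", (category_id,)
    ).fetchall()


def render_category_page(conn, raw_id, hardened):
    """Request-handler model returning a status line plus body.

    hardened=False splices the id and echoes the database error message,
    which is the channel an error-based injection reads extracted data from.
    hardened=True validates, parameterises and returns a generic message.
    """
    try:
        if hardened:
            rows = safe_category_lookup(conn, raw_id)
        else:
            rows = vulnerable_category_lookup(conn, raw_id)
    except InvalidCategoryId:
        return "400 Bad Request"
    except sqlite3.Error as exc:
        if hardened:
            return "500 Internal error"
        return f"500 Database error: {exc}"
    return "200 " + ", ".join(name for _, name in rows)


# Constructed request values: one legitimate id and three injection payloads.
BENIGN = "2"
TAUTOLOGY = "1 OR 1=1"
UNION = "0 UNION ALL SELECT id, username || ':' || password_hash FROM users"
BROKEN = "1'"


if __name__ == "__main__":
    db = build_db()
    for value in (BENIGN, TAUTOLOGY, UNION, BROKEN):
        print(f"id={value!r}")
        print("  vulnerable:", render_category_page(db, value, hardened=False))
        print("  hardened:  ", render_category_page(db, value, hardened=True))
```

Running the block shows the vulnerable handler returning every category for the tautology, the users table for the UNION payload, and a raw database error for the syntax-breaking value, while the hardened handler answers all three with a 400 and never reaches the database. The validation and the parameter binding are independent defences; the binding alone already stops the injection, and the integer check keeps malformed input out of the logs and the error path.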

Added: Apr 28, 2026, 11:20 AM
Updated: Apr 28, 2026, 11:20 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 8.7
remediation: 0.0
relevance: 6.9
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.