SourceCodester Pizzafy Ecommerce System SQL Injection Vulnerability

Vulnerability

A high-severity SQL injection vulnerability has been identified in SourceCodester Pizzafy Ecommerce System version 1.0. The flaw is in the Setting Handler component, specifically the save_settings function of /pizzafy/admin/ajax.php. A remote attacker can alter the SQL statement that this handler builds by supplying a crafted request value, which can lead to unauthorized reading or modification of database contents.

Impact

The bug is exploitable as error-based SQL injection: the attacker's input changes the statement the database executes, and the database's error responses, when they reach the client, leak information that can be used to extract data such as database names or user records. Because the injected SQL runs with the application's database privileges, it could also be used to modify or delete records.

Reproduction

To reproduce this vulnerability, send a POST request to /pizzafy/admin/ajax.php?action=save_settings with a crafted 'name' parameter. A typical payload closes the quoted string the value lands in, appends attacker-controlled SQL, and ends with SQL comment syntax (such as --) so that the remainder of the original statement is discarded. The injection works because the application neither sanitizes nor parameterizes the value before building the SQL query with it. The other form fields ('email', 'contact', and 'about') can be sent with ordinary values alongside it.
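The following is an added example, not code from Pizzafy or from this advisory. It models the bug class described above against an in-memory SQLite table; the column names (name, email, contact, about), the single-row UPDATE shape, and the settings values are assumptions, since the handler's real query is not shown here. It demonstrates how a 'name' value carrying comment syntax rewrites the statement and silently changes another column, how a syntax-breaking value surfaces a database error message (the signal error-based injection relies on), and how binding the values as parameters removes both problems.

```python
import sqlite3

# Constructed stand-in for the application's settings table. The column
# names, the seed row, and the single-row UPDATE are assumptions for this
# example, not the project's schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE settings (id INTEGER PRIMARY KEY, name TEXT, "
        "email TEXT, contact TEXT, about TEXT)"
    )
    conn.execute(
        "INSERT INTO settings (id, name, email, contact, about) "
        "VALUES (1, 'Pizzafy', 'admin@example.com', '000', 'Pizza shop')"
    )
    conn.commit()
    return conn


def read_settings(conn):
    return conn.execute(
        "SELECT name, email, contact, about FROM settings WHERE id = 1"
    ).fetchone()


def save_settings_vulnerable(conn, form):
    """Form values are concatenated straight into the statement, the bug
    class the advisory describes. Returns None on success, or the database
    error text, which is what an error-based attacker reads back when the
    handler echoes exceptions to the client."""
    sql = (
        "UPDATE settings SET name = '{name}', email = '{email}', "
        "contact = '{contact}', about = '{about}' WHERE id = 1"
    ).format(**form)
    try:
        conn.execute(sql)
        conn.commit()
        return None
    except sqlite3.Error as exc:
        conn.rollback()
        return str(exc)


def save_settings_fixed(conn, form):
    """Same update with bound parameters: the driver passes the values
    separately from the statement text, so quotes and comment markers in a
    value can no longer change the query's structure."""
    conn.execute(
        "UPDATE settings SET name = ?, email = ?, contact = ?, about = ? "
        "WHERE id = 1",
        (form["name"], form["email"], form["contact"], form["about"]),
    )
    conn.commit()
    return None


# Constructed form submissions: a benign one, a comment-terminated
# injection that overwrites the email column, and a value that breaks
# the statement's syntax to provoke a database error.
BENIGN = {"name": "Pizzafy", "email": "admin@example.com",
          "contact": "000", "about": "Pizza shop"}
INJECTED = dict(BENIGN, name="Pizzafy', email = 'attacker@example.com' -- ")
BROKEN = dict(BENIGN, name="x' WHERE")


def demo():
    """Run all three cases and return what each handler left in the table."""
    results = {}

    conn = make_db()
    save_settings_vulnerable(conn, INJECTED)
    # The -- comments out the rest of the original statement, so the
    # attacker's email assignment is the one that takes effect.
    results["vulnerable_after_injection"] = read_settings(conn)

    conn = make_db()
    # Unbalanced quoting makes the database raise; the message is the
    # feedback channel an error-based injection uses.
    results["vulnerable_error"] = save_settings_vulnerable(conn, BROKEN)

    conn = make_db()
    save_settings_fixed(conn, INJECTED)
    # With parameters bound, the payload is stored verbatim as the name
    # and the email column is untouched.
    results["fixed_after_injection"] = read_settings(conn)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The fix is the same in PHP: pass the form values to a prepared statement (mysqli or PDO with bound parameters) instead of splicing them into the query string, and return a generic error to the client rather than the database's message, which removes the feedback channel that error-based extraction relies on.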

Added: Apr 29, 2026, 9:19 PM
Updated: Apr 29, 2026, 9:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 6.6
remediation: 0.0
relevance: 7.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.