SourceCodester Pet Grooming Management Software SQL Injection Vulnerability in update_customer.php
Vulnerability
A SQL injection vulnerability has been identified in SourceCodester Pet Grooming Management Software version 1.0. The issue arises in the file update_customer.php, where the application fails to properly validate and sanitize user input, particularly the id parameter. This oversight allows for malicious SQL code to be executed, manipulating the database in unintended ways. The vulnerability can be exploited remotely.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
The vulnerability can be reproduced by sending a POST request to the update_customer.php file with a crafted id parameter that includes SQL injection payloads. The injected SQL code can be designed to, for example, cause a time delay, demonstrating the injection's success.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.