SourceCodester SUP Online Shopping SQL Injection Vulnerability in replymsg.php

A SQL injection vulnerability has been identified in SourceCodester SUP Online Shopping version 1.0, specifically within the admin/replymsg.php file. The issue arises from inadequate validation of the 'msgid' parameter, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, giving attackers unauthorized access to the database, where they could manipulate or leak sensitive data, disrupt services, and potentially gain full control over the system.

Impact

Exploitation of this vulnerability allows for unauthorized database access, manipulation or deletion of data, leakage of sensitive information, and could lead to a complete system compromise.

Reproduction

The vulnerability can be reproduced by sending a crafted GET request to the admin/replymsg.php file with an injected SQL payload in the 'msgid' parameter. Several types of SQL injection payloads can be used, including boolean-based blind, error-based, time-based blind, and UNION query injections.

Remediation

To address this vulnerability, it is recommended to use prepared statements and parameter binding to prevent SQL injection, conduct thorough input validation and filtering, and minimize database user permissions.