It was discovered that the server is vulnerable to a SQL injection. The variable $category_name is accessible by anyone. An attacker can exploit this vulnerability to execute arbitrary code or view sensitive information. The exploit can be delivered by injecting an image tag to the user's session. A solution to fix this vulnerability is installing the latest software version.
CVE-2017-15385: SQL Injection in SourceCodester Book Store Management System 1.0 The researcher discovered a vulnerability in sourceCodester Book Store Management System. It has been classified as critical. A user can exploit this vulnerability to execute arbitrary code. This issue is actively exploited by hackers. The exploitation can be accomplished remotely via phishing. An attacker can inject the malicious code to the victim's session via a malicious link. This bug can be exploited by hackers to obtain sensitive information or to deploy malicious code on the system. The researcher discovered a vulnerability in sourceCodester Book Store Management System. It has been classified as critical. A user can exploit this vulnerability to execute arbitrary code. This issue is actively exploited by hackers. The exploitation can be accomplished remotely via phishing. An attacker can inject the malicious code to the victim's session via a malicious link. This bug can be exploited by hackers to obtain sensitive information or to deploy malicious code on the system
Browsers Affected by SourceCodester Book Store Management System 1.0
The vulnerability can be exploited in Internet Explorer (IE), Firefox, Google Chrome and Safari.
How to check if my browser is vulnerable?
To check if your browser is vulnerable, you can use a tool like https://www.owasp.org/index.php/SQL_Injection_Cross-Site_Scripting (XSS)
If the vulnerability is not fixed, an attacker would be able to send SQL queries and execute them on the server. The vulnerability can be exploited by taking advantage of a user's trust in the website that they are visiting without their knowledge or consent.
Vulnerable Source Code
The source code is vulnerable to SQL Injection. Anyone can gain access to the database, even if they do not have the necessary privileges. Below are some of the things a user can do with this exploit:
- Execute arbitrary code
- View sensitive information
Timeline
Published on: 10/11/2022 18:15:00 UTC
Last modified on: 10/11/2022 20:21:00 UTC