| Title | Client Details System V1.0 SQL Injection |
|---|
| Description | # NAME OF AFFECTED PRODUCT(S)
- Client Details System
## Vendor Homepage
- [Client Details System In PHP With Source Code - Source Code & Projects](https://code-projects.org/client-details-system-in-php-with-source-code/)
# AFFECTED AND/OR FIXED VERSION(S)
## Submitter
- LiuJiying
## VERSION(S)
- V1.0
## Software Link
- [Client Details System In PHP With Source Code - Source Code & Projects](https://code-projects.org/client-details-system-in-php-with-source-code/)
# PROBLEM TYPE
## Vulnerability Type
- SQL injection
## Root Cause
- The root cause of the vulnerability is the improper construction of an SQL `UPDATE` query in the `update-profile.php` script. The application directly concatenates the raw, unsanitized `uid` parameter, received from a `$_GET` request, into the SQL query string. This fails to neutralize special characters or SQL operators, allowing user-supplied input to be executed as part of the database command. The core issue is the absence of server-side input validation and the failure to use parameterized queries (prepared statements), which would safely separate SQL logic from user data.
## Impact
The impact of this vulnerability is critical. An authenticated attacker, by manipulating the `uid` parameter in the URL, can execute arbitrary SQL commands with the privileges of the web application's database user. This can lead to:
- Unauthorized Data Manipulation: The attacker can bypass the intended business logic and update, insert, or delete arbitrary records across any table in the database. For example, using a payload like `1' OR '1'='1`, an attacker could modify every user's profile simultaneously.
- Complete Data Exfiltration: Sensitive information from the entire database can be stolen, including user credentials, personally identifiable information (PII), and other application data, using `UNION`-based or time-based blind injection techniques.
- Denial of Service (DoS): The vulnerability could be used to execute resource-intensive or destructive queries (e.g., `DROP TABLE` if stacked queries are enabled), potentially rendering the database or the entire application unavailable.
- Full System Compromise: Depending on the database server's configuration and privileges, this flaw could be escalated to achieve remote code execution (RCE) on the underlying server, leading to a complete system takeover.
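
The concatenation described under Root Cause, next to a validated and parameterized version, both run against the `1' OR '1'='1` value quoted above. This is an added example, not code from the Client Details System or from the original report; the `users` table, its columns, the function names and the in-memory SQLite database (via PDO) are assumptions chosen so that it runs offline.

```php
<?php
// Added example with a constructed schema and constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Reset the hypothetical users table to three known rows.
function seed(PDO $db): void {
    $db->exec('DROP TABLE IF EXISTS users');
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
    $db->exec("INSERT INTO users (id, name) VALUES (1,'alice'),(2,'bob'),(3,'carol')");
}

// Vulnerable pattern: the raw uid string becomes part of the UPDATE text.
function updateConcatenated(PDO $db, string $uid, string $name): int {
    $sql = "UPDATE users SET name = " . $db->quote($name)
         . " WHERE id = '" . $uid . "'";
    return $db->exec($sql); // number of rows changed
}

// Hardened pattern: validate uid server-side, then bind it as a parameter.
function updatePrepared(PDO $db, string $uid, string $name): int {
    $id = filter_var($uid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('uid must be a positive integer');
    }
    $stmt = $db->prepare('UPDATE users SET name = :name WHERE id = :id');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$payload = "1' OR '1'='1"; // the value quoted in the Impact section

seed($db);
printf("concatenated, uid=2:       %d row(s)\n", updateConcatenated($db, '2', 'x'));
seed($db);
printf("concatenated, uid=payload: %d row(s)\n", updateConcatenated($db, $payload, 'x'));
seed($db);
printf("prepared, uid=2:           %d row(s)\n", updatePrepared($db, '2', 'x'));
try {
    updatePrepared($db, $payload, 'x');
} catch (InvalidArgumentException $e) {
    printf("prepared, uid=payload:     rejected (%s)\n", $e->getMessage());
}
```

The row counts show the difference: the concatenated query's `WHERE` clause becomes true for every row when given the quoted value, while the hardened function rejects it before any SQL is sent.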
# DESCRIPTION
The "Update Profile" feature within the admin panel is critically vulnerable to SQL Injection. The `uid` GET parameter, which is intended to specify the unique identifier of the user profile to be modified, is not subjected to any sanitization or validation and is directly embedded into the `UPDATE` statement. This allows an authenticated attacker to inject SQL code by crafting a malicious `uid` value in the request URL. |
|---|
| Source | ⚠️ https://github.com/hellonewbie/tutorial/issues/2 |
|---|
| User | newbie666 (UID 91453) |
|---|
| Submission | 09.10.2025 17:04 (8 months ago) |
|---|
| Moderation | 10.10.2025 15:10 (22 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 327927 [code-projects Client Details System 1.0 update-profile.php uid SQL Injection] |
|---|
| Points | 20 |
|---|