# Vulnerability Summary: itsourcecode Courier Management System V1.0 SQL Injection Vulnerability

## Vulnerability Overview

* **Vulnerability Type**: SQL Injection
* **Affected Product**: Courier Management System V1.0
* **Vulnerable File**: `/edit_user.php`
* **Vulnerable Parameter**: `id`
* **Root Cause**: A SQL injection vulnerability was discovered in the `/edit_user.php` file of the "Courier Management System Project in PHP". After logging in with valid credentials, an attacker can inject SQL via the `id` parameter. The application neither validates this input nor separates it from the query text, so the attacker can alter the SQL statement the application executes and perform unauthorized actions.

## Impact Scope

* Attackers can exploit this vulnerability for unauthorized database access.
* Sensitive data leakage.
* Data tampering.
* Potentially full system compromise, depending on the privileges of the database account the application uses.
* Service disruption, posing a serious threat to system security and business continuity.
* **Note**: Exploitation requires authentication or system access privileges.

## Remediation Measures

1. **Use Prepared Statements and Parameter Binding**: Prepared statements prevent SQL injection because they separate SQL code from user input data. When using prepared statements, user-supplied values are treated as pure data and will not be interpreted as SQL code.
2. **Input Validation and Filtering**: Strictly validate and filter user input data to ensure it conforms to expected formats. For example, ensure the `id` parameter matches a valid numeric pattern (a positive integer) before it is used.
3. **Minimize Database User Privileges**: Ensure the account used to connect to the database has only the minimum necessary privileges. Avoid using accounts with high-level permissions (such as "root" or "admin") for routine operations.
4. **Regular Security Audits**: Conduct regular code and system security audits to promptly identify and fix potential security vulnerabilities.
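The following PHP is an added illustration of remediation measures 1 and 2 and is not code from the itsourcecode project (the real `edit_user.php` is not reproduced here). It shows a string-concatenated lookup of the kind that produces this class of bug beside a hardened version that validates `id` as a positive integer and binds it through a mysqli prepared statement. The `$conn` handle, the `users` table and its column names are assumptions made for the example.

```php
<?php
// Added example, not the project's code. Assumed (not from the advisory):
// a mysqli connection in $conn and a table `users` with columns
// `id`, `username`, `email`.

// --- Vulnerable pattern: the request value becomes part of the SQL text ---
function load_user_unsafe(mysqli $conn, array $get): ?array
{
    // "1 OR 1=1" or a UNION payload supplied as id is parsed as SQL here.
    $sql = "SELECT id, username, email FROM users WHERE id = " . $get['id'];
    $result = $conn->query($sql);
    return $result ? $result->fetch_assoc() : null;
}

// --- Hardened version: validate the shape, then bind the value ---
function load_user_safe(mysqli $conn, array $get): ?array
{
    // 1. Input validation (measure 2): id must be a positive integer.
    //    filter_var returns false for "1 OR 1=1", "1;--", "", null, etc.
    $id = filter_var(
        $get['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        http_response_code(400);
        exit('Invalid user id');
    }

    // 2. Prepared statement with parameter binding (measure 1): the query
    //    text is fixed at prepare time; the value is sent separately as an
    //    integer and can never be interpreted as SQL.
    $stmt = $conn->prepare('SELECT id, username, email FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // requires mysqlnd
    $stmt->close();
    return $row ?: null;
}

// Example request (constructed): GET /edit_user.php?id=1
// $user = load_user_safe($conn, $_GET);
```

The validation step is defence in depth rather than the primary fix: the prepared statement alone already stops injection, but rejecting non-numeric `id` values early keeps malformed input out of logs and error paths. For measure 3, the account in `$conn` should be granted only the `SELECT`/`UPDATE` rights the page needs on the relevant tables, never `root`, so that even a successful injection elsewhere cannot read arbitrary databases or write files.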
## POC Code

```shell
python sqlmap.py --random-agent --batch -u "http://154.219.114.125:8810/edit_user.php?id=1" --dbms=mysql --current-db
```

Note that `/edit_user.php` is only reachable after login, so the command as written must be run with a valid session attached (for example by passing the authenticated session cookie via sqlmap's `--cookie` option); without it, the request is redirected to the login page and sqlmap will not reach the injectable query.