SourceCodester Garage Management System edituser.php sql injection
Description
SQL injection in SourceCodester Garage Management System 1.0 via id parameter in /edituser.php allows remote attackers with admin access to execute arbitrary SQL queries.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A critical SQL injection vulnerability exists in SourceCodester Garage Management System version 1.0. The flaw resides in the /edituser.php script, where the id parameter is not properly sanitized before being used in a SQL query. An attacker can inject malicious SQL payloads, such as -2' UNION select 11,user(),333,444--+, to manipulate the query. The vulnerability is present in the default installation and does not require any special configuration to be exploitable [1].
Exploitation
Exploitation requires the attacker to first authenticate with valid admin credentials. The default credentials are admin / admin123. After logging in, the attacker sends a crafted HTTP GET request to /edituser.php?id=-2' UNION select 11,user(),333,444--+. The injected UNION clause retrieves the database user and other data, which is then reflected in the application response. No additional privileges or user interaction are needed beyond the initial login [1].
Impact
Successful exploitation allows the attacker to extract sensitive information from the database, such as database usernames, passwords (if stored in plaintext or hashed), and other application data. The attack can lead to complete disclosure of the database contents, potentially compromising the entire application and its users. The impact is limited to information disclosure; however, depending on the database configuration, further escalation (e.g., writing files or executing commands) may be possible [1].
Mitigation
As of the publication date (2022-07-29), no official patch or updated version has been released by SourceCodester. The vendor has not acknowledged the vulnerability. Mitigation requires manual input validation and parameterized queries in the /edituser.php script. Administrators should change default credentials, restrict network access to the admin panel, and consider using a web application firewall (WAF) to block SQL injection attempts. The software may be end-of-life; migrating to a supported alternative is recommended [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 1.0
- Range: 1.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input validation on the `id` parameter in `/edituser.php` allows an attacker to inject arbitrary SQL statements."
Attack vector
An attacker must first authenticate to the Garage Management System with valid admin credentials (default username `admin`, password `admin123`) [ref_id=1]. Once logged in, the attacker sends a crafted HTTP GET request to `/edituser.php` with the `id` parameter set to a malicious SQL payload such as `-2' UNION select 11,user(),333,444--+` [ref_id=1]. The application does not validate or sanitize this input, so the payload is concatenated directly into a SQL query, enabling the attacker to extract database contents remotely [ref_id=1].
Affected code
The vulnerability exists in the file `/edituser.php` at the `id` parameter [ref_id=1]. The application fails to validate or filter the `id` parameter before using it in a SQL query, allowing SQL injection [ref_id=1].
What the fix does
No patch is published in the bundle. The advisory [ref_id=1] recommends that the application validate and filter user-supplied data before using it in SQL queries. The root cause is the lack of input validation on the `id` parameter at `/edituser.php`, which allows unsanitized user input to be passed directly into a SQL statement. To remediate, the application should use parameterized queries (prepared statements) and apply strict type checking on the `id` parameter.
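A hardened version of the `id` lookup, added here as an illustration of the remediation described above; it is not the project's code. The `$db` mysqli connection, the `users` table with its `id`/`username`/`email` columns, and the assumption that the existing admin session check has already run are all constructed for the example:

```php
<?php
// Added illustration of the fix; not code from Garage Management System.
// Assumptions: $db is an open mysqli connection, a `users` table with
// id/username/email columns exists, and the admin session check has already run.
declare(strict_types=1);

// Vulnerable pattern this replaces: concatenating $_GET['id'] into the SQL text.
//   $sql = "SELECT * FROM users WHERE id='" . $_GET['id'] . "'";
// A quote in the input closes the literal, so the rest is parsed as SQL.

function parse_user_id(?string $raw): ?int
{
    // Strict type check: only a decimal integer of sane length is accepted.
    // Quotes, spaces, comment markers and keywords are rejected before any query.
    if ($raw === null || $raw === '' || strlen($raw) > 10 || !ctype_digit($raw)) {
        return null;
    }
    return (int) $raw;
}

function load_user(mysqli $db, int $id): ?array
{
    // Parameterized query: the value is bound separately from the statement text,
    // so it can never alter the query structure. get_result() needs mysqlnd.
    $stmt = $db->prepare('SELECT id, username, email FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

$id = parse_user_id($_GET['id'] ?? null);
if ($id === null) {
    http_response_code(400);   // reject rather than try to "clean" the input
    exit('invalid id');
}
$user = load_user($db, $id);
if ($user === null) {
    http_response_code(404);
    exit('no such user');
}
// Render the edit form; escape every field with htmlspecialchars() on output.
```

Rejecting non-integer input up front also gives a clean signal for logging: a 400 on `/edituser.php` with a non-numeric `id` is a cheap detection hook for attempts like the one in the advisory.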
Preconditions
- auth: Attacker must have valid admin credentials (default: admin/admin123)
- network: Attacker must be able to send HTTP GET requests to the vulnerable endpoint
- input: The id parameter is not validated or sanitized by the application
Reproduction
1. Log in to the Garage Management System with admin credentials (username: `admin`, password: `admin123`) [ref_id=1].
2. Navigate to `http://<target>/edituser.php?id=-2'%20UNION%20select%2011,user(),333,444--+` [ref_id=1].
3. The page will display the result of the injected UNION query, revealing database information such as the database user [ref_id=1].
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/ch0ing/vul/blob/main/WebRay.com.cn/Garage%20Management%20System%28SQLI%29.md (MITRE refsource: MISC)
- vuldb.com (MITRE refsource: MISC)
News mentions
No linked articles in our index yet.