VYPR
Unrated severity · NVD Advisory · Published May 31, 2022 · Updated Aug 3, 2024

CVE-2022-30831

Description

Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/wedding_details.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Wedding Management System v1.0 has a SQL injection vulnerability in the `id` parameter of `wedding_details.php`, allowing attackers to extract database information.

Vulnerability

Wedding Management System v1.0, developed by codeastro.com, is vulnerable to SQL injection in the /Wedding-Management/wedding_details.php script. The id parameter is directly concatenated into a SQL query without proper sanitization [1]. An attacker can inject SQL commands via the id parameter, as demonstrated with the payload id=31%20and%20length(database())%20=9 [1]. The vulnerability exists in version 1.0 of the application.

Exploitation

An attacker requires no authentication or special privileges; the vulnerability is accessible via a simple GET request to the vulnerable endpoint [1]. The attacker does not need to be logged in, as the affected page is publicly accessible. By manipulating the id parameter in the URL, the attacker can perform boolean-based blind SQL injection, determining the truth of SQL conditions based on differences in the response content length [1]. For example, when length(database()) = 8 the response length is 4824 bytes, and when length(database()) = 9 it is 5397 bytes [1]. This allows the attacker to extract information character by character.
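A detection-side view of the behavior described above, as an added example that is not part of the advisory or the referenced report: it scans web access logs for requests to the affected endpoint whose `id` is not a plain integer and records the response sizes each client received. The Combined Log Format, the sample log lines, the function name and the rule that a legitimate `id` is numeric are assumptions; the payload and the two response sizes are the ones quoted above.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/Wedding-Management/wedding_details.php"
# Combined Log Format (assumed): client, request target, status, response size.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3} (\d+)')

# Constructed sample log (documentation IP ranges). The injected condition and
# the sizes 4824 / 5397 come from the advisory text; the benign lines and
# their sizes are made up for the example.
SAMPLE_LOG = """\
198.51.100.7 - - [31/May/2022:10:00:01 +0000] "GET /Wedding-Management/wedding_details.php?id=31 HTTP/1.1" 200 5397
203.0.113.9 - - [31/May/2022:10:00:05 +0000] "GET /Wedding-Management/wedding_details.php?id=31%20and%20length(database())%20=8 HTTP/1.1" 200 4824
203.0.113.9 - - [31/May/2022:10:00:06 +0000] "GET /Wedding-Management/wedding_details.php?id=31%20and%20length(database())%20=9 HTTP/1.1" 200 5397
198.51.100.7 - - [31/May/2022:10:00:09 +0000] "GET /Wedding-Management/index.php HTTP/1.1" 200 8120
"""

def find_sqli_probes(log_text):
    """Return {client: {"ids": [decoded id values], "sizes": {response sizes}}}
    for requests to ENDPOINT whose id parameter is not a plain integer."""
    hits = defaultdict(lambda: {"ids": [], "sizes": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable request line
        client, target, size = m.groups()
        url = urlsplit(target)
        if url.path.casefold() != ENDPOINT.casefold():
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            # parse_qs has already percent-decoded the value.
            if not re.fullmatch(r"[0-9]+", value):
                hits[client]["ids"].append(value)
                hits[client]["sizes"].add(int(size))
    return dict(hits)

if __name__ == "__main__":
    for client, hit in find_sqli_probes(SAMPLE_LOG).items():
        # More than one distinct size for non-numeric ids matches the
        # length-difference signal described in the advisory.
        print(client, hit["ids"], sorted(hit["sizes"]))
```

A client that sends non-numeric `id` values and receives more than one distinct response size is a strong candidate for review.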

Impact

Successful exploitation allows an attacker to extract sensitive information from the underlying MySQL database, such as the database name (dbwedding), usernames, passwords, and other application data [1]. This can lead to full compromise of the application's data and potentially further attacks on the server if database credentials are reused or privileged operations are enabled.

Mitigation

As of the publication date (2022-05-31), no official patch has been released for Wedding Management System v1.0 [1]. The vendor's website indicates the software is available for download but does not provide a security update. Users should upgrade to a newer version if available, or implement input validation and parameterized queries to prevent SQL injection. If no fix is forthcoming, consider replacing the application with a maintained alternative.

References

[1] https://github.com/k0xx11/bug_report/blob/main/vendors/codeastro.com/wedding-management-system/SQLi-8.md

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

0

No patches discovered yet.
