SourceCodester Canteen Management System edituser.php SQL injection
Description
A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file edituser.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211193 was assigned to this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in SourceCodester Canteen Management System 1.0 edituser.php allows remote authenticated attackers to execute arbitrary SQL commands.
Vulnerability
A SQL injection vulnerability exists in the edituser.php file of SourceCodester Canteen Management System version 1.0. The id parameter is directly concatenated into SQL queries without proper sanitization or parameterization, allowing an attacker to inject malicious SQL statements [1].
Exploitation
An attacker must first authenticate to the application. After logging in, they can access the Edit User functionality and manipulate the id parameter in the URL (e.g., GET /edituser.php?id=-7956' UNION ALL SELECT NULL,md5(1),NULL,NULL--+). The injected SQL payload is executed by the database, and results may be reflected in the page response [1].
Impact
Successful exploitation allows the attacker to execute arbitrary SQL commands, potentially leading to data exfiltration, modification, or deletion of database contents. This can compromise the confidentiality, integrity, and availability of the application data [1].
Mitigation
No official patch has been released for this vulnerability as of the publication date. The vendor has not addressed the issue. Users should restrict network access to the Canteen Management System, apply input validation, and use parameterized queries to prevent SQL injection [1].
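The mitigation above (validate the id, then bind it instead of concatenating it) is sketched below as an added example; it is not code from the application or the vendor. The users table, its columns, the function names and the in-memory SQLite database via PDO are assumptions made so the example runs offline.

```php
<?php
// Added example: constructed schema and data, not the application's real code.
// Assumption: an in-memory SQLite database stands in for the app's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$db->exec("INSERT INTO users (id, name, role) VALUES (1, 'alice', 'admin'), (2, 'bob', 'cashier')");

// The pattern the page describes (hypothetical reconstruction): the request
// value becomes part of the SQL text. Shown for contrast; never called below.
function find_user_concatenated(PDO $db, string $rawId)
{
    return $db->query("SELECT id, name, role FROM users WHERE id = '" . $rawId . "'")
              ->fetch(PDO::FETCH_ASSOC);
}

// Hardened form: validate the type first, then bind the value as data.
function find_user_safe(PDO $db, string $rawId): ?array
{
    // Input validation: accept a positive integer and nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // the caller should answer with HTTP 400
    }
    // Parameterized query: the SQL text is fixed, the id travels separately.
    $stmt = $db->prepare('SELECT id, name, role FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values. The last one is the id value quoted on this
// page, written as PHP sees it after URL decoding ('+' becomes a space).
$samples = ['2', '0', '2 OR 1=1', "-7956' UNION ALL SELECT NULL,md5(1),NULL,NULL-- "];
foreach ($samples as $raw) {
    $row = find_user_safe($db, $raw);
    printf("%-55s => %s\n", json_encode($raw), $row ? json_encode($row) : 'rejected or not found');
}
```

Only the first sample returns a row; the other three fail integer validation and never reach the database.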
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 1.0
- Range: 1.0
Patches
No patches discovered yet.