CVE-2022-43276
Description
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the productId parameter at /php_action/fetchSelectedfood.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Canteen Management System v1.0 has an unauthenticated SQL injection in the productId parameter of fetchSelectedfood.php, allowing a remote attacker to extract the contents of the backing database.
Vulnerability
Canteen Management System v1.0, developed by mayuri_k and available from SourceCodester, contains a SQL injection vulnerability in the /youthappam/php_action/fetchSelectedfood.php endpoint. The productId POST parameter is directly concatenated into SQL queries without sanitization or parameterization. The application runs on PHP 8.1 with Apache/XAMPP. The vulnerability is present in version 1.0 of the software [1].
Exploitation
An attacker can exploit this vulnerability remotely without authentication, as the vulnerable endpoint is publicly accessible. The attacker sends a POST request to /youthappam/php_action/fetchSelectedfood.php with a crafted productId value containing a SQL injection payload. For example, the payload productId=-1 union select 1,database(),3,4,5,6,7,8,9 retrieves the database name. No special privileges or user interaction are required [1].
Impact
Successful exploitation allows an attacker to extract sensitive information from the underlying MySQL database, including credentials, user data, and other application data. The affected database name is youthappam. The attacker can leverage the SQL injection to read arbitrary tables, potentially leading to full database compromise and further attacks [1].
Mitigation
As of the publication date (2022-10-28), no official patch or fixed version has been released. The vendor's source code page is still available, and the application remains unpatched. Mitigation measures include implementing input validation, using parameterized queries (prepared statements) for all database operations, and restricting network access to the vulnerable endpoint. Users should monitor the vendor's site for updates or consider migrating to an alternative solution [1].
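To illustrate the mitigation above, the following is a constructed example, not the project's actual fetchSelectedfood.php code: the string-concatenation pattern the description implies is shown beside a prepared-statement rewrite with integer validation. The table and column names (food, product_id) are assumptions.

```php
<?php
// Constructed illustration for CVE-2022-43276's mitigation; NOT the project's
// own fetchSelectedfood.php. Table/column names (food, product_id) are assumed.

// Vulnerable pattern: the POST parameter is concatenated straight into the SQL
// text, so a value such as "-1 union select ..." is parsed as query syntax.
function fetchSelectedFoodVulnerable(mysqli $db, array $post): ?array
{
    $productId = $post['productId'] ?? '';
    $sql = "SELECT * FROM food WHERE product_id = " . $productId; // tainted input in SQL
    $result = $db->query($sql);
    return $result ? $result->fetch_assoc() : null;
}

// Hardened pattern: validate the type first, then bind the value as a
// parameter. The value travels separately from the statement text, so the
// database never interprets it as SQL.
function fetchSelectedFoodSafe(mysqli $db, array $post): ?array
{
    $productId = filter_var($post['productId'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($productId === false) {
        http_response_code(400);
        return null; // reject anything that is not a positive integer
    }

    $stmt = $db->prepare('SELECT * FROM food WHERE product_id = ?');
    $stmt->bind_param('i', $productId); // 'i' = bind as integer
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}
```

The integer check alone would block the union payload quoted above, but the prepared statement is what removes the bug class, since it also protects any future string parameters added to the query.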
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Canteen Management System / Canteen Management System
- Range: = 1.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.