VYPR
Unrated severity · NVD Advisory · Published Nov 9, 2022 · Updated May 1, 2025

CVE-2022-43278

Description

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in Canteen Management System v1.0 allows unauthenticated attackers to extract database information via the categoriesId parameter.

Vulnerability

Canteen Management System v1.0, built using XAMPP with PHP 8.1, contains a SQL injection vulnerability in the file /php_action/fetchSelectedCategories.php. The categoriesId parameter is directly concatenated into a SQL query without sanitization, allowing an attacker to inject arbitrary SQL. The application is available from SourceCodester [1].

Exploitation

An attacker can exploit this vulnerability by sending a POST request to /youthappam/php_action/fetchSelectedCategories.php with a malicious categoriesId parameter. No authentication is required; the provided payload -1 union select 1,database(),3,4 demonstrates extraction of the database name. The attack can be performed remotely over HTTP [1].

Impact

Successful exploitation allows an attacker to read arbitrary data from the database, including potentially sensitive information such as user credentials and application data. The database name youthappam is exposed, and further queries could enumerate tables and records. This leads to information disclosure and could facilitate further attacks [1].

Mitigation

As of the publication date (2022-11-09), no official patch has been released. The vendor mayuri_k has not provided a fixed version. Users should validate the categoriesId parameter and pass it to the database only through a parameterized query, or restrict access to the vulnerable endpoint until a patch is available. The CVE is not listed in CISA's Known Exploited Vulnerabilities catalog [1].
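The mitigation above in code, as an added example that is not part of this advisory or of the Canteen Management System source: the concatenation pattern the description reports, beside a handler that validates categoriesId as an integer and binds it through a mysqli prepared statement. The table and column names, the connection credentials and the JSON response shape are assumptions; only the database name youthappam comes from the advisory.

```php
<?php
// Added example, not the project's code. Table/column names (categories,
// categories_id, categories_name, categories_status) are assumptions.

// Pattern the advisory describes: the request value is spliced straight into
// the statement text, so whatever it contains is parsed as SQL.
function fetchCategoryVulnerable(mysqli $db, string $categoriesId): ?array
{
    $sql = "SELECT categories_id, categories_name, categories_status "
         . "FROM categories WHERE categories_id = " . $categoriesId; // unsafe
    return $db->query($sql)->fetch_assoc() ?: null;
}

// Hardened version: reject anything that is not a positive integer, then bind
// the value as a parameter so the database never treats it as query text.
function fetchCategorySecure(mysqli $db, mixed $categoriesId): ?array
{
    $id = filter_var(
        $categoriesId,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        http_response_code(400); // malformed or missing categoriesId
        return null;
    }
    $stmt = $db->prepare(
        'SELECT categories_id, categories_name, categories_status '
      . 'FROM categories WHERE categories_id = ?'
    );
    $stmt->bind_param('i', $id); // 'i' binds the value as an integer
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Handler wiring for the POST endpoint; credentials are placeholders.
$db = new mysqli('localhost', 'db_user', 'db_password', 'youthappam');
$db->set_charset('utf8mb4');
header('Content-Type: application/json');
echo json_encode(fetchCategorySecure($db, $_POST['categoriesId'] ?? null));
```

Under PHP 8.1's default mysqli error reporting a failed query throws, so the vulnerable function would surface an exception rather than silently returning an empty result.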

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
