CVE-2022-43290
Description
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Canteen Management System v1.0 is vulnerable to SQL injection in the id parameter of editcategory.php, allowing authenticated attackers to extract database contents.
Vulnerability
Canteen Management System v1.0, built using PHP 8.1, contains a SQL injection vulnerability in the id parameter of the /youthappam/editcategory.php endpoint. The application concatenates the id parameter into a SQL query without validating it or binding it as a parameter, so an attacker controls part of the query text and can inject arbitrary SQL. The vulnerability is present in version 1.0 as distributed by the vendor [1].
Exploitation
An attacker must first authenticate to the application; the reference provides super admin credentials (mayuri.infospace@gmail.com / rootadmin). Once authenticated, the attacker sends a crafted GET request to /youthappam/editcategory.php with a malicious id parameter. For example, the payload id=-1' union select 1,database(),3,4--+ extracts the database name: the leading -1' closes the quoted value with an id that matches no row, the UNION appends a four-column row (matching the column count of the original SELECT) whose second column carries database(), and --+ comments out the rest of the query (the + is URL-decoded to the space that MySQL requires after --). The request includes a valid session cookie and can be executed with standard HTTP tools [1].
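The following is an added example, not code from Canteen Management System or from the cited reference. It reproduces the flawed pattern (string-concatenating the id parameter into the query) next to a hardened form, and runs the advisory's four-column UNION payload against an in-memory SQLite table. The category table, its column names and rows are constructed for the demonstration, and sqlite_version() stands in for MySQL's database(), since SQLite has no database() function.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed sample schema; the real editcategory.php table layout is not
# known here. Four columns are used so the advisory's payload
# (union select 1,...,3,4) lines up with the original SELECT.
SCHEMA = """
CREATE TABLE category (
    category_id   INTEGER PRIMARY KEY,
    category_name TEXT NOT NULL,
    status        TEXT NOT NULL,
    created_on    TEXT NOT NULL
);
INSERT INTO category VALUES (1, 'Beverages', 'active', '2022-10-01');
INSERT INTO category VALUES (2, 'Snacks',    'active', '2022-10-02');
"""

# The advisory payload with sqlite_version() substituted for MySQL's database().
# parse_qs decodes the trailing '+' to a space, which is what makes '--' a
# comment in MySQL; SQLite accepts '--' with or without the space.
PAYLOAD_QUERY = "id=-1' union select 1,sqlite_version(),3,4--+"
BENIGN_QUERY = "id=1"


def open_db():
    """Fresh in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def _id_from_query_string(query_string):
    return parse_qs(query_string).get("id", [""])[0]


def edit_category_vulnerable(conn, query_string):
    """Mirrors the vulnerable pattern: id is pasted straight into the SQL text."""
    id_param = _id_from_query_string(query_string)
    sql = ("SELECT category_id, category_name, status, created_on "
           "FROM category WHERE category_id='" + id_param + "'")
    return conn.execute(sql).fetchall()


def edit_category_fixed(conn, query_string):
    """Hardened form: reject anything that is not an integer id, then bind it."""
    id_param = _id_from_query_string(query_string)
    if not id_param.isdigit():
        raise ValueError("id must be a positive integer")
    sql = ("SELECT category_id, category_name, status, created_on "
           "FROM category WHERE category_id=?")
    return conn.execute(sql, (int(id_param),)).fetchall()


def backend_version():
    """Value sqlite_version() returns for this process, for comparison."""
    return sqlite3.sqlite_version


def demo():
    """Run both handlers against the benign and the injected request."""
    conn = open_db()
    results = {
        "vulnerable_benign": edit_category_vulnerable(conn, BENIGN_QUERY),
        "vulnerable_payload": edit_category_vulnerable(conn, PAYLOAD_QUERY),
        "fixed_benign": edit_category_fixed(conn, BENIGN_QUERY),
    }
    try:
        edit_category_fixed(conn, PAYLOAD_QUERY)
        results["fixed_payload"] = "accepted"
    except ValueError:
        results["fixed_payload"] = "rejected"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With the vulnerable handler the injected request returns no category row but does return the UNION row, whose second column is the backend version string; the same request is rejected before any query runs by the hardened handler. The integer check is a belt-and-braces measure; the parameter binding alone is what closes the injection.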
Impact
Successful exploitation allows the attacker to read arbitrary data from the database, including other users' credentials, application configuration, and sensitive business data. The attacker can enumerate tables and columns, potentially leading to full database compromise. The impact is limited to data confidentiality and integrity; no remote code execution is demonstrated in the available references [1].
Mitigation
No official patch or fixed version has been released by the vendor as of the publication date. The application is no longer actively maintained, and users are advised to apply input validation and parameterized queries to the id parameter in /youthappam/editcategory.php as a workaround. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Canteen Management System / Canteen Management System
  - Range: =1.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (1)
News mentions
No linked articles in our index yet.