CVE-2022-43328
Description
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection vulnerability in Canteen Management System v1.0 via id parameter in editorder.php allows database information disclosure.
Vulnerability
Canteen Management System v1.0, built using XAMPP PHP 8.1, contains a SQL injection vulnerability in the /youthappam/editorder.php script. The id parameter is not properly sanitized, allowing an attacker to inject arbitrary SQL commands. The vulnerability is exploitable with a Super Admin account (mayuri.infospace@gmail.com/rootadmin). [1]
Exploitation
An attacker with Super Admin privileges can send a crafted GET request to /youthappam/editorder.php?id=. The reference demonstrates a payload to determine database length: 1%20and%20length(database())%20=10--+. The attacker can modify the injection to extract data from the youthappam database. [1]
Impact
Successful exploitation allows an authenticated attacker to read arbitrary data from the database, potentially exposing sensitive information such as user credentials and application data. The injection appears to be blind-based, enabling step-by-step information disclosure. [1]
Mitigation
No official patch or fixed version has been released as of the publication date (2022-11-01). Users should apply input validation and parameterized queries to the id parameter or limit access to the vulnerable page. [1]
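One way to apply the input validation and parameterised query the mitigation calls for, written as an added example rather than code from the Canteen Management System project; the PDO DSN, the database credentials, and the `orders` table and `id` column names are assumptions:

```php
<?php
// Added example, not the project's own code. Hardened handler for an
// editorder.php-style lookup by id. Table/column names and the DSN are assumed.
declare(strict_types=1);

function loadOrder(PDO $pdo, mixed $rawId): ?array
{
    // 1. Input validation: an order id must be a positive integer. Anything
    //    else (including SQL fragments appended to a number) is rejected.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // 2. Parameterised query: the value is bound as a typed parameter and is
    //    never concatenated into the SQL text, so it cannot alter the query.
    $stmt = $pdo->prepare('SELECT * FROM orders WHERE id = :id LIMIT 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row === false ? null : $row;
}

// The unsafe pattern the advisory describes, shown only for contrast:
//   $sql = "SELECT * FROM orders WHERE id = " . $_GET['id'];   // string concatenation
// Here the id is interpreted as SQL, which is what enables the injection.

// Assumed connection details; replace with the deployment's own values.
$pdo = new PDO(
    'mysql:host=localhost;dbname=youthappam;charset=utf8mb4',
    'app_user',
    'app_password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // use server-side prepared statements
    ]
);

$order = loadOrder($pdo, $_GET['id'] ?? '');
if ($order === null) {
    http_response_code(400);
    exit('Invalid or unknown order id');
}
```

Because the lookup is also restricted to Super Admin users, the handler should additionally sit behind the application's existing session/role check; that check is outside this snippet.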
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Canteen Management System / Canteen Management System
  - Range: v1.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.