CVE-2022-43331
Description
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php_action/printOrder.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Canteen Management System v1.0 has a SQL injection vulnerability in the id parameter of printOrder.php.
Vulnerability
The Canteen Management System v1.0, available from SourceCodester, contains a SQL injection vulnerability in the /php_action/printOrder.php script. The id parameter (sent as orderId in POST requests) is concatenated directly into a SQL query without sanitization or parameterization, allowing an attacker to inject arbitrary SQL commands. Because the application exists only as v1.0, every deployment is affected. [1]
Exploitation
An attacker must have a valid session (e.g., as a Super Admin) to send POST requests to /php_action/printOrder.php; no network position beyond access to the web application is required. The orderId parameter can be manipulated, as demonstrated with the payload orderId=1 and length(database()) = 10, which reveals the length of the database name. Exploitation is performed through standard HTTP POST requests carrying the vulnerable parameter. [1]
Impact
Successful exploitation allows an attacker to extract database contents, including potentially sensitive user data such as credentials. The vulnerability enables information disclosure, and further techniques could lead to authentication bypass or data manipulation. The attacker gains the ability to execute arbitrary SQL queries, possibly escalating to full database compromise. [1]
Mitigation
No official patch has been released by the vendor. As of the publication date (2022-11-01), users should apply input validation and parameterized queries to the orderId parameter in printOrder.php. If upgrading is not possible, consider using a web application firewall (WAF) to block malicious payloads. This CVE is not listed in the CISA Known Exploited Vulnerabilities catalog. [1]
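The mitigation above names the two controls that remove this class of bug: validate that orderId is an integer before it reaches the database layer, and pass it to the query as a bound parameter rather than as SQL text. The following PHP is an added example of what a hardened printOrder.php handler could look like; it is not the Canteen Management System's own code. It assumes a mysqli connection in $connect and a table `orders` with an integer key `order_id`; the table name, column names and database credentials are placeholders.

```php
<?php
// Added example (not the Canteen Management System's own code): a hardened
// handler for the orderId parameter of /php_action/printOrder.php.
// Assumptions: a mysqli connection in $connect, a table `orders` with an
// integer primary key `order_id`; table, columns and credentials are placeholders.

declare(strict_types=1);

/**
 * Validate the raw orderId value. Returns a positive int, or null when the
 * value is anything else, so a payload such as "1 and length(database()) = 10"
 * is rejected before any SQL is built.
 */
function validateOrderId(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Fetch one order by id with a prepared statement. The id travels as a bound
 * integer parameter ('i'), never as part of the SQL string, so the query
 * structure is fixed regardless of what the client sent.
 */
function fetchOrder(mysqli $connect, int $orderId): ?array
{
    $stmt = $connect->prepare(
        'SELECT order_id, order_date, customer_name FROM orders WHERE order_id = ?'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $connect->error);
    }
    $stmt->bind_param('i', $orderId);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Request handling: the original script reads orderId from the POST body.
$orderId = validateOrderId($_POST['orderId'] ?? null);
if ($orderId === null) {
    // Reject with a generic error; do not echo the offending value back.
    http_response_code(400);
    echo json_encode(['success' => false, 'message' => 'Invalid order id']);
    exit;
}

// Placeholder connection details; replace with the deployment's own config.
$connect = new mysqli('localhost', 'db_user', 'db_password', 'canteen_db');
$connect->set_charset('utf8mb4');

$order = fetchOrder($connect, $orderId);
if ($order === null) {
    http_response_code(404);
    echo json_encode(['success' => false, 'message' => 'Order not found']);
    exit;
}
echo json_encode(['success' => true, 'order' => $order]);
```

The two layers are deliberately independent: the prepared statement alone would already stop the injection, and the integer check alone would already reject the published payload, so a mistake in either one does not reopen the hole. A WAF rule matching SQL keywords in orderId is a reasonable stopgap, but it is the parameterized query that makes the fix structural.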
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Canteen Management System (Canteen Management System)
  - Range: = v1.0
Patches
No patches discovered yet.
References