Unrated severity · NVD Advisory · Published Mar 6, 2025 · Updated Mar 7, 2025

SourceCodester Best Employee Management System print1.php sql injection

CVE-2025-2046

Description

A vulnerability was found in SourceCodester Best Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/print1.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SourceCodester Best Employee Management System 1.0 is vulnerable to SQL injection in the `/admin/print1.php` file via the `id` parameter, allowing remote attackers to compromise the database.

Vulnerability

The vulnerability resides in the /admin/print1.php file of SourceCodester Best Employee Management System version 1.0 [1]. The id parameter in a GET request is passed unsanitized into a SQL query at line 108 of the hr_softadmin/print1.php script, leading to SQL injection [1]. No authentication or special configuration is required to reach the affected code path; any visitor can trigger the injection via the publicly accessible admin/print1.php endpoint [1].

Exploitation

An attacker can exploit this vulnerability without prior authentication by sending a crafted HTTP GET request to /admin/print1.php with a malicious value in the id parameter [1]. The public proof-of-concept shows that the parameter is injectable using both boolean-based blind and error-based techniques [1]. For example, appending a SLEEP payload to the id parameter allows time-based confirmation of the injection [1]. No user interaction or special network position is required; the attack is fully remote [1].

Impact

Successful exploitation enables the attacker to execute arbitrary SQL commands against the underlying MySQL database [1]. This can lead to unauthorized access, extraction, or modification of sensitive employee and system data [1]. If the database user has DBA privileges, the impact may escalate to operating system-level compromise on the database server [1].

Mitigation

As of the publication date, no official patch or fixed version has been released by the vendor [1][2]. Users of Best Employee Management System 1.0 should immediately restrict network access to the /admin/ directory, deploy a web application firewall (WAF) rule that blocks SQL injection patterns on the id parameter, and fix the application code itself by validating the id parameter (allow-list filtering) and passing it to the database only through prepared statements [1][2].
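To make the last recommendation concrete, the following is an added example and not code from the Best Employee Management System or the advisory: a hypothetical reconstruction of the unsafe pattern the advisory describes (a request parameter concatenated into SQL text) beside a hardened version that validates the parameter and binds it with a prepared statement. It assumes a mysqli connection, the mysqlnd driver (for `get_result()`), and an `employees` table with an integer `id` column; all names and credentials are placeholders.

```php
<?php
// Added example, not the project's code. Assumes mysqli with mysqlnd and an
// `employees` table whose primary key `id` is an integer (all hypothetical).

// UNSAFE pattern: the request value is spliced straight into the SQL text,
// so a quote or operator inside `id` changes the meaning of the whole query.
function find_employee_unsafe(mysqli $db, string $id): ?array {
    $sql = "SELECT * FROM employees WHERE id = '" . $id . "'";
    $result = $db->query($sql);
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

// HARDENED: first check the value has the expected shape (a positive integer),
// then bind it as a typed parameter so the driver can only ever treat it as data.
function find_employee_safe(mysqli $db, string $raw_id): ?array {
    $id = filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);   // reject malformed input instead of guessing
        return null;
    }
    $stmt = $db->prepare("SELECT * FROM employees WHERE id = ?");
    $stmt->bind_param('i', $id);   // 'i' = integer; never interpolated into SQL text
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Usage at the top of a print-style admin page: only the hardened path is wired in.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);  // fail loudly on SQL errors
$db = new mysqli('localhost', 'app_user', 'app_password', 'employee_db'); // placeholders
$db->set_charset('utf8mb4');

$employee = find_employee_safe($db, $_GET['id'] ?? '');
if ($employee === null) {
    exit('Employee not found');
}
// ... render $employee ...
```

The unsafe function is kept only for contrast and should not be reachable from any request handler; with strict mysqli error reporting enabled, a failed prepare or execute throws instead of leaking a database error message into the page.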

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 5

News mentions: 0 (no linked articles in our index yet)