CVE-2023-38916: SQL Injection Vulnerability · Issue #1 · Mohammad-Ajazuddin/eVotingSytem-PHP
SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields.
1. SQL Injection Vulnerability
Vulnerability Description: The code directly inserts user input into an SQL query, which can lead to SQL injection attacks. Malicious users can manipulate, delete, or disclose data from the database by injecting malicious SQL code through input fields.
Code Location:
$query = 'SELECT * FROM voters WHERE username = "'. $username .'"';
$record = mysqli_query($cxn,$query);
Vulnerability Impact: Exploiting this vulnerability can result in unauthorized access to sensitive data, data manipulation, or even a complete compromise of the database.
Recommendation: To mitigate the SQL injection vulnerability, it is recommended to use prepared statements or parameterized queries. Prepared statements separate user input from the SQL query, preventing malicious input from being interpreted as SQL code. The fixed code is as follows:
$stmt = $cxn->prepare("SELECT * FROM voters WHERE username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$record = $stmt->get_result();
$getfield = $record->fetch_assoc();
Summary: Fixing this vulnerability by implementing prepared statements significantly enhances the security of the code. Prepared statements prevent SQL injection attacks by separating user input from the SQL query.
Please note that this report is provided for informational purposes and should be shared with the responsible person of the GitHub project for further action.
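The difference between the two lookups can be checked with a small regression script. This is an added example, not code from the project or the report: it assumes PDO with an in-memory SQLite database in place of the project's mysqli connection ($cxn), a reduced voters table, constructed sample rows and inputs, and the hypothetical helper names lookupConcatenated and lookupPrepared.

```php
<?php
// Added example, not project code. PDO + in-memory SQLite stands in for the
// project's mysqli connection so the script runs without a MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE voters (id INTEGER PRIMARY KEY, username TEXT)');
// Constructed sample rows.
$pdo->exec("INSERT INTO voters (username) VALUES ('alice'), ('bob')");

// Concatenated lookup: same pattern as the reported code
// (SQL string literal written with single quotes for SQLite).
function lookupConcatenated(PDO $pdo, string $username): array
{
    $query = "SELECT * FROM voters WHERE username = '" . $username . "'";
    return $pdo->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Parameterized lookup: same pattern as the recommended fix.
function lookupPrepared(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT * FROM voters WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an existing name, a name containing a quote,
// and a quote-bearing value that rewrites the WHERE clause.
$inputs = ['alice', "o'brien", "nobody' OR '1'='1"];

foreach ($inputs as $input) {
    try {
        $concat = count(lookupConcatenated($pdo, $input));
    } catch (PDOException $e) {
        // The quote ended the string literal early and broke the statement.
        $concat = 'SQL error';
    }
    $prepared = count(lookupPrepared($pdo, $input));
    printf("%-20s concatenated=%-10s prepared=%d\n", $input, $concat, $prepared);
}
```

The prepared lookup returns a row only for the exact stored username, while the concatenated lookup either fails on the stray quote or returns rows that do not match the supplied name.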