CVE-2022-48090: tramyardg-hotel-mgmt-system version 2022.4 has a SQL injection vulnerability · Issue #21 · tramyardg/hotel-mgmt-system
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php.
List of vulnerable paths:
Vulnerable path /app/dao/CustomerDAO.php
Vulnerable path /app/handlers/CustomerHandler.php
Vulnerable path /app/process_update_profile.php
Lines 49-59 of the “CustomerDAO.php” file splice the SQL statement together, so PDO is bypassed.
Line 98 of the “CustomerHandler.php” file uses the vulnerable function.
Lines 31-40 of the “process_update_profile.php” file use the vulnerable function.
Vulnerability exploitation process:
After the user has logged in, click the "update profile" button.
Then input the PoC and click "update".
After that, refresh it and click "update profile"; you can see the data from the database.
POC code:
youyou",password = "", phone = concat(database(),version()) WHERE `customer`.`cid`="10"#
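The spliced statement described above next to a bound-parameter version, as an added example that is not the project's code. The table and column names `customer`, `cid`, `password` and `phone` come from the PoC string; the `fullname` column, the two function names, the sample row and the in-memory SQLite database are assumptions made so the script runs offline.

```php
<?php
declare(strict_types=1);

// Added example. "fullname", both function names and the sample row are assumed;
// customer, cid, password and phone are the names visible in the PoC string.
$pdo = new PDO('sqlite::memory:'); // in-memory stand-in for the app's MySQL database
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customer (cid INTEGER PRIMARY KEY, fullname TEXT, password TEXT, phone TEXT)');
$pdo->exec("INSERT INTO customer VALUES (10, 'Constructed User', 'constructed-hash', '555-0100')");

// The reported pattern: request values concatenated into the statement text.
// Built here only to display it; it is never executed.
function splicedUpdateSql(string $fullname, string $phone, int $cid): string
{
    return 'UPDATE customer SET fullname = "' . $fullname . '", phone = "' . $phone
         . '" WHERE cid = "' . $cid . '"';
}

// Hardened form: fixed statement text, values travel only as bound parameters.
function updateProfile(PDO $pdo, int $cid, string $fullname, string $phone): int
{
    $stmt = $pdo->prepare(
        'UPDATE customer SET fullname = :fullname, phone = :phone WHERE cid = :cid'
    );
    $stmt->bindValue(':fullname', $fullname, PDO::PARAM_STR);
    $stmt->bindValue(':phone', $phone, PDO::PARAM_STR);
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// The PoC string from the issue, used as the submitted name field.
$input = 'youyou",password = "", phone = concat(database(),version()) WHERE `customer`.`cid`="10"#';

// Spliced: the quote in the input closes the literal, so the rest is parsed as SQL.
echo splicedUpdateSql($input, '555-0100', 10), PHP_EOL;

// Bound: the same input is stored as an ordinary string; other columns are untouched.
updateProfile($pdo, 10, $input, '555-0100');
$row = $pdo->query('SELECT fullname, password, phone FROM customer WHERE cid = 10')
           ->fetch(PDO::FETCH_ASSOC);
var_dump($row['fullname'] === $input);             // name column holds the raw input
var_dump($row['password'] === 'constructed-hash'); // password column was not rewritten
```

When the same prepared statement is used with the MySQL driver, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server, not the client library, perform the binding.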