Restaurant Reservation System 1.0 - 'date' SQL Injection (Authenticated)

vendor:

Restaurant Reservation System

by:

b1nary

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Restaurant Reservation System

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:sourcecodester:restaurant_reservation_system:1.0

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Linux + Apache2

2020

Restaurant Reservation System 1.0 – ‘date’ SQL Injection (Authenticated)

Restaurant Reservation System 1.0 allows SQL Injection via parameter 'date' in includes/reservation.inc.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied data should be validated and filtered before being used in SQL queries.

Source

Restaurant Reservation System 1.0 – ‘date’ SQL Injection (Authenticated)

Mitigation:

Exploit-DB raw data: