Product: Garage Management System
Vendor: https://www.sourcecodester.com/users/mayurik
Affected Version(s): 1.0
CVE ID: CVE-2022-36636
Description: Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php.
Vulnerability Type: SQL injection
Root Cause: The "id" parameter in /print.php is used without user input sanitization.
Impact: An attacker is able to extract sensitive data from the database.
PoC:
1. Access http://hostname/garage/print.php?id=1, then use Burp Suite to intercept the request and save it as a text file.
2. Use sqlmap to dump the database automatically.
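
Detection: the following is an added example, not part of the original advisory or the vendor's code. It scans web-server access logs for requests to /garage/print.php whose id value is not a plain integer, or whose User-Agent names sqlmap. The combined log format, the sample log lines and the function name `suspicious_requests` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not taken from the advisory).
SAMPLE_LOG = '''\
203.0.113.5 - - [10/Aug/2022:10:00:01 +0000] "GET /garage/print.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Aug/2022:10:02:13 +0000] "GET /garage/print.php?id=1%27 HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Aug/2022:10:02:40 +0000] "GET /garage/print.php?id=2 HTTP/1.1" 200 5120 "-" "sqlmap/1.6.7#stable (https://sqlmap.org)"
203.0.113.5 - - [10/Aug/2022:10:05:00 +0000] "GET /garage/index.php?id=abc HTTP/1.1" 200 800 "-" "Mozilla/5.0"
'''

# ip, timestamp, method, request target, status, user agent
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"'
)


def suspicious_requests(log_text, path="/garage/print.php"):
    """Return (ip, timestamp, reasons) for requests to `path` that look like
    SQL injection probing of the id parameter."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, ts, _method, target, _status, agent = m.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        # parse_qs percent-decodes values, so encoded quotes are seen as quotes
        ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
        reasons = []
        if len(ids) != 1:
            reasons.append("id missing or repeated")
        elif not re.fullmatch(r"[0-9]+", ids[0]):
            reasons.append("non-integer id")
        if "sqlmap" in agent.lower():
            reasons.append("sqlmap user agent")
        if reasons:
            findings.append((ip, ts, reasons))
    return findings


if __name__ == "__main__":
    for ip, ts, reasons in suspicious_requests(SAMPLE_LOG):
        print(ip, ts, ", ".join(reasons))
```

The User-Agent check only catches default tool settings; the integer check on id is the stronger signal because it does not depend on anything the client chooses to declare.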