Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function.
The vulnerability results from a lack of proper validation and sanitization of input data passed to the login function (CWE-94 — code injection). An attacker can inject malicious SQL code directly into the login form fields, thereby modifying the query sent to the database. The attack does not require authentication, any user-side interaction, or special network conditions.
An attacker can gain unauthorized access to the application (including bypassing the authentication mechanism), read, modify or delete data from the database, and potentially take full control of the database system.
Patches available from the vendor should be applied according to the references. Additionally, it is recommended to implement parameterized SQL queries (prepared statements) and server-side input validation mechanisms. It is also recommended to restrict access to the application at the firewall level to trusted IP addresses.
Code-Projects Student Enrollment In PHP v1.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCode Projects Student Enrollment
APPCode-Projects1.0
Related vulnerabilities
Arbitrary file upload umożliwiający RCE w Student Enrollment In PHP
Arbitrary File Upload umożliwiający RCE w Student Enrollment In PHP
SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the St...
A vulnerability has been found in code-projects Student Enrollment System 1.0 and classified as critical. This...
Auth Bypass w Simple Car Rental System — przejęcie sesji wysokich uprawnień