SQL Injection vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via Personal Information Update information.
The vulnerability exists in the Personal Information Update functionality. An attacker can enter maliciously crafted input data into the appropriate form field, which is then passed directly to an SQL query without proper validation or sanitization. This makes it possible to modify the logic of the database query and execute arbitrary SQL commands (CWE-89).
An attacker can gain full control over the application's database — read, modify or delete stored data, and potentially execute arbitrary code on the server side, resulting in violations of system confidentiality, integrity and availability.
Patches available from the vendor should be applied in accordance with the references. Additionally, it is recommended to implement parameterized SQL queries and input data validation mechanisms, as well as restrict network access to the application to trusted sources.
Code-Projects Scholars Tracking System version 1.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCode Projects Scholars Tracking System
APPCode-Projects1.0
Related vulnerabilities
SQL Injection w Code-Projects Scholars Tracking System 1.0
SQL Injection vulnerability in Code-projects.org Scholars Tracking System 1.0 allows attackers to run arbitrar...
Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run...
Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information ...
Auth Bypass w Simple Car Rental System — przejęcie sesji wysokich uprawnień