| Title | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 SQL Injection |
|---|
| Description | The Online College Event Hall Reservation System demonstrates a SQL Injection vulnerability within its `/admin/users.php` component, specifically through the `user_id` parameter. This flaw allows attackers to execute arbitrary SQL commands, such as delaying the server response using the `sleep(5)` function. This vulnerability underlines the importance of employing parameterized queries or proper input validation techniques to protect the application from SQL Injection attacks, thereby safeguarding the database from unauthorized access or manipulation. |
|---|
| Source | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20users.php.md |
|---|
| User | nochizplz (UID 64302) |
|---|
| Submission | 03/08/2024 12:18 (1 Year ago) |
|---|
| Moderation | 03/15/2024 17:29 (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 256971 [MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 /admin/users.php user_id sql injection] |
|---|
| Points | 20 |
|---|