| Title | SourceCodester Online Examination System Project V1.0 SQL Injection |
|---|
| Description | zebra11 discovered a significant security vulnerability in the Online Examination System Project, caused by inadequate protection of the "email" parameter in the "registeracc.php" file. This vulnerability could be exploited to inject malicious SQL queries, leading to unauthorized access and the extraction of sensitive information from the database.
The method on line 22 of the "registeracc.php" file retrieves the value of the user input "email" from the POST element. Then the value of this element will be passed to the code without proper purification or validation, and ultimately used for database queries in the method on line 27 of the "registeracc.php" file. This may lead to SQL injection attacks. |
|---|
| Source | ⚠️ https://github.com/CveSecLook/cve/issues/32 |
|---|
| User | zebra11 (UID 68838) |
|---|
| Submission | 05/15/2024 06:51 PM (10 months ago) |
|---|
| Moderation | 05/17/2024 07:51 AM (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 264743 [SourceCodester Online Examination System 1.0 registeracc.php email sql injection] |
|---|
| Points | 20 |
|---|