Submit #473410: code-projects Student Management System 1.0 SQL Injectioninfo

Titlecode-projects Student Management System 1.0 SQL Injection
DescriptionThe SQL Injection vulnerability exists in diretory `/config/DbFunction.php` where this function query the subject `$sid` parameter into the SQL statement without any restriction, validation or sanitization. An attacker could exploit this vulnerability to get Remote Code Execution (RCE).
Source⚠️ https://gist.github.com/th4s1s/e8488d7e35d789581979f3b7e4c48b1f
User
 lio346 (UID 79690)
Submission01/02/2025 11:19 AM (1 month ago)
Moderation01/03/2025 01:27 PM (1 day later)
StatusAccepted
VulDB Entry290140 [code-projects Student Management System 1.0 /config/DbFunction.php showSubject1 sid sql injection]
Points17

Do you want to use VulDB in your project?

Use the official API to access entries easily!