Submit #474168: CampCodes Student Grading System 1.0 SQL Injectioninfo

TitleCampCodes Student Grading System 1.0 SQL Injection
DescriptionVendor and Product Information: Vendor: CampCodes Product: Student Grading System Product URL: https://www.campcodes.com/projects/php/student-grading-system-using-php-mysql-free-download/ Confidence: Confirmed Description: The 'view_students.php' file directly incorporates the $_POST['id'] parameter into the SQL query without proper sanitization or validation. This lack of protection allows an attacker to modify the id parameter in the URL and inject malicious SQL, potentially enabling unauthorized access or data manipulation.
Source⚠️ https://github.com/shaturo1337/POCs/blob/main/SQL%20Injection%20in%20Student%20Grading%20System.md
User
 John Correche (UID 79510)
Submission01/03/2025 05:41 AM (1 month ago)
Moderation01/03/2025 05:14 PM (12 hours later)
StatusAccepted
VulDB Entry290157 [Campcodes Student Grading System 1.0 /view_students.php id sql injection]
Points20

Do you know our Splunk app?

Download it now for free!